There was some discussion about a very similar injection on Stack
Overflow which may be useful:

http://stackoverflow.com/questions/4600954/site-has-been-hacked-via-sql-injection


-Justin



On Sun, Jul 21, 2013 at 1:33 PM, Dave Hatz <[email protected]> wrote:
>
> We had someone trying to hack our system last night and I would like to know 
> what he was trying to get.  Seems one of our new Junior programmers didn't 
> use CFQUERYPARAM and allowed this param into the query string.  Needless to 
> say, I will be having a nice long chat with him when he gets into the office 
> tomorrow.
>
> How do I decode what this is?  Is there a tool or site that will convert this 
> for me?
>
> 999999.9 /*!30000union all select 
> 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*/--
>
> 
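
Added example, not part of the original thread: a small Python decoder for the kind of parameter quoted above, which unpacks the MySQL versioned comment (`/*!NNNNN ... */`) and turns each `0x...` hex string literal back into text. The sample input is the quoted payload shortened to three columns; the function names are made up for this example.

```python
import re

# Shortened to three columns from the payload quoted in the post (constructed sample).
SAMPLE = ("999999.9 /*!30000union all select "
          "0x31303235343830303536,0x31303235343830303536,"
          "0x31303235343830303536*/--")

# MySQL runs the body of /*!NNNNN ... */ only on servers at or above version NNNNN.
VERSIONED = re.compile(r"/\*!(\d{5})(.*?)\*/", re.S)
# MySQL hex literal: 0x followed by an even number of hex digits.
HEX_LIT = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)


def decode_hex_literal(digits):
    """Return the text a 0x literal stands for, or repr() of the raw bytes."""
    raw = bytes.fromhex(digits)
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return repr(raw)
    return text if text.isprintable() else repr(raw)


def analyze(param):
    """Summarize a suspicious request parameter for a log review."""
    min_version = None
    body = param
    m = VERSIONED.search(param)
    if m:
        v = m.group(1)  # 5 digits: major, 2-digit minor, 2-digit patch
        min_version = f"{int(v[0])}.{int(v[1:3])}.{int(v[3:5])}"
        body = m.group(2)
    literals = [decode_hex_literal(h) for h in HEX_LIT.findall(body)]
    return {
        "min_mysql_version": min_version,
        "has_union_select": bool(UNION_SELECT.search(body)),
        # Here every selected column is a hex literal, so this is the column count.
        "column_count": len(literals),
        "distinct_values": sorted(set(literals)),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value}")
```

Running `analyze()` over the parameter values in the web server or ColdFusion logs gives the decoded marker string to search for in responses and in other requests from the same source.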

Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356264