You can run the CAST function on the hex string to see the actual SQL it generates, which I thought was required anyway, so I'm not sure that query would even execute otherwise.
Russ Michaels
www.michaels.me.uk
cfmldeveloper.com
cflive.net
cfsearch.com

On 22 Jul 2013 04:45, "Justin Scott" <[email protected]> wrote:
>
> There was some discussion about a very similar injection on Stack Overflow which may be useful:
>
> http://stackoverflow.com/questions/4600954/site-has-been-hacked-via-sql-injection
>
> -Justin
>
> On Sun, Jul 21, 2013 at 1:33 PM, Dave Hatz <[email protected]> wrote:
> >
> > We had someone trying to hack our system last night and I would like to know what he was trying to get. Seems one of our new junior programmers didn't use CFQUERYPARAM and allowed this param into the query string. Needless to say, I will be having a nice long chat with him when he gets into the office tomorrow.
> >
> > How do I decode what this is? Is there a tool or site that will convert this for me?
> >
> > 999999.9 /*!30000union all select 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*/--

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356265
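Dave's question (how to decode the payload) and Russ's point (MySQL turns a 0x... literal into a string, the same thing CAST(0x... AS CHAR) shows you) can be answered offline without touching a database. The script below is an added example and is not code from anyone in this thread; it rebuilds the quoted payload from its repeated hex literal, strips the MySQL version-conditional comment (/*!30000 ... */ runs only on MySQL 3.0.0 or later, per MySQL's documented five-digit version format), decodes each hex literal the way MySQL would, and counts the selected columns, which is what a UNION probe like this is really measuring. The function names and the reconstructed PAYLOAD string are my own; everything else follows the payload as quoted above.

```python
import re

# Constructed copy of the payload quoted in the thread: the same 0x... literal
# repeated 26 times inside a MySQL version-conditional comment, then a "--" comment.
HEX_LITERAL = "0x31303235343830303536"
PAYLOAD = "999999.9 /*!30000union all select " + ",".join([HEX_LITERAL] * 26) + "*/-- "

HEX_RE = re.compile(r"0x([0-9A-Fa-f]+)")
# /*!NNNNN ... */ : MySQL executes the body only if its version >= N.NN.NN
COND_COMMENT_RE = re.compile(r"/\*!(\d{5})(.*?)\*/", re.S)
UNION_SELECT_RE = re.compile(r"union\s+all\s+select\s+(.*)", re.I | re.S)


def decode_hex_literal(lit):
    """Decode a MySQL 0x... literal to text, as MySQL does when it is used as a
    string (the same result as SELECT CAST(0x31303235343830303536 AS CHAR))."""
    m = HEX_RE.fullmatch(lit.strip())
    if not m:
        raise ValueError("not a MySQL hex literal: %r" % lit)
    return bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")


def conditional_comment_version(digits):
    """Turn the five digits after /*! into MySQL's major.minor.release form,
    e.g. 50110 -> 5.1.10 and 30000 -> 3.0.0."""
    return "%d.%d.%d" % (int(digits[0]), int(digits[1:3]), int(digits[3:5]))


def analyze(payload):
    """Summarise what a UNION-based probe is doing: which server it targets,
    how many columns it is guessing the original query has, what the marker
    values decode to, and whether it comments out the rest of the real query."""
    info = {
        "min_mysql_version": None,
        "columns": 0,
        "decoded_values": [],
        "comments_out_tail": payload.rstrip().endswith("--"),
    }
    body = payload
    cc = COND_COMMENT_RE.search(payload)
    if cc:
        info["min_mysql_version"] = conditional_comment_version(cc.group(1))
        body = cc.group(2)  # only this part is SQL to MySQL; other DBs see a comment
    sel = UNION_SELECT_RE.search(body)
    if sel:
        cols = [c.strip() for c in sel.group(1).split(",")]
        info["columns"] = len(cols)
        info["decoded_values"] = [
            decode_hex_literal(c) if HEX_RE.fullmatch(c) else c for c in cols
        ]
    return info


if __name__ == "__main__":
    result = analyze(PAYLOAD)
    print("runs only on MySQL >=", result["min_mysql_version"])
    print("guessed column count:", result["columns"])
    print("marker value:", set(result["decoded_values"]))
    print("rest of original query commented out:", result["comments_out_tail"])
```

Each literal decodes to the digit string 1025480056, a harmless marker: the attacker is not reading data yet, only looking for the column count at which a 26-column UNION stops erroring and the marker shows up in the page, after which the same slots get replaced with real column names. The 999999.9 prefix is chosen so the legitimate row matches nothing and only the injected row renders. That is also why a parameterised numeric value (CFQUERYPARAM with a numeric cfsqltype) stops it outright: the whole string is rejected as a number rather than spliced into the SQL.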

