Check out the 4th comment here - http://stackoverflow.com/questions/4600954/site-has-been-hacked-via-sql-injection
Seems to be a similar attack.

On Sun, Jul 21, 2013 at 1:33 PM, Dave Hatz <[email protected]> wrote:

>
> We had someone trying to hack our system last night and I would like to
> know what he was trying to get. Seems one of our new Junior programmers
> didn't use CFQUERYPARAM and allowed this param into the query string.
> Needless to say, I will be having a nice long chat with him when he gets
> into the office tomorrow.
>
> How do I decode what this is? Is there a tool or site that will convert
> this for me?
>
> 999999.9 /*!30000union all select
> 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*/--
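One way to decode a logged value of this shape offline, as an added example that is not part of the original thread: it unwraps MySQL version-conditional comments (`/*!NNNNN ... */`) and turns `0x` hex literals into the ASCII strings they stand for. The function and variable names are hypothetical, and the sample is constructed to match the quoted value, shortened to three columns.

```python
import re

# Constructed sample: same shape as the value quoted in the thread,
# shortened to three columns.
SAMPLE = ("999999.9 /*!30000union all select "
          "0x31303235343830303536,0x31303235343830303536,"
          "0x31303235343830303536*/--")

# /*!30000 ... */ is a MySQL version-conditional comment: the server runs the
# enclosed SQL when its version is at least the 5-digit number (3.00.00 here).
VERSIONED = re.compile(r"/\*!(\d{5})?(.*?)\*/", re.S)
# 0x followed by an even number of hex digits is a MySQL hex string literal.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")


def _quote_if_printable(match):
    """Replace a hex literal with its quoted ASCII form when it is printable."""
    raw = bytes.fromhex(match.group(1))
    if all(32 <= b < 127 for b in raw):
        return "'" + raw.decode("ascii") + "'"
    return match.group(0)  # leave binary values as hex


def decode_logged_value(value):
    """Return the unwrapped, human-readable form of a logged parameter value."""
    versions = []

    def unwrap(match):
        if match.group(1):
            versions.append(match.group(1))
        return " " + match.group(2) + " "

    sql = VERSIONED.sub(unwrap, value)
    literals = [bytes.fromhex(h).decode("latin-1")
                for h in HEX_LITERAL.findall(sql)]
    readable = " ".join(HEX_LITERAL.sub(_quote_if_printable, sql).split())
    return {"min_mysql_version": versions,
            "hex_literals": literals,
            "readable": readable}


if __name__ == "__main__":
    for key, val in decode_logged_value(SAMPLE).items():
        print(key, "=", val)
```

Each hex literal in the quoted value decodes to the same ten-digit string, `1025480056`, so the injected `UNION ALL SELECT` carries one repeated marker value per column rather than any data from the database.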

