In this particular case it's not generating SQL but just filling in
space to match the number of columns with the original query.
Basically once it executes without an error it allows the attacker to
see how many columns the original query is selecting.  It's part of an
automated attack tool.

-Justin

On Mon, Jul 22, 2013 at 5:08 AM, Russ Michaels <[email protected]> wrote:
>
> You can run cast function on the hex string to see the actual sql it
> generates, which I thought was required anyway so not sure that query would
> even execute otherwise.
>
> Russ Michaels
> www.michaels.me.uk
> cfmldeveloper.com
> cflive.net
> cfsearch.com
> On 22 Jul 2013 04:45, "Justin Scott" <[email protected]> wrote:
>
>>
>> There was some discussion about a very similar injection on Stack
>> Overflow which may be useful:
>>
>>
>> http://stackoverflow.com/questions/4600954/site-has-been-hacked-via-sql-injection
>>
>>
>> -Justin
>>
>>
>>
>> On Sun, Jul 21, 2013 at 1:33 PM, Dave  Hatz <[email protected]>
>> wrote:
>> >
>> > We had someone trying to hack our system last night and I would like to
>> > know what he was trying to get.  Seems one of our new Junior programmers
>> > didn't use CFQUERYPARAM and allowed this param into the query string.
>> > Needless to say, I will be having a nice long chat with him when he gets
>> > into the office tomorrow.
>> >
>> > How do I decode what this is?  Is there a tool or site that will convert
>> > this for me?
>> >
>> > 999999.9 /*!30000union all select
>> > 0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*/--
>> >
>> >
>>
>>
>
> 
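The thread answers Dave's question in two parts: Russ points out that each 0x... literal is just a hex-encoded string (what MySQL's CAST would show), and Justin explains that the repeated literal is a column-count probe wrapped in a MySQL `/*!30000 ... */` version comment. The script below is an added example written for this page, not code from anyone in the thread: it decodes the literal to the text it encodes, counts the columns in the injected SELECT, and reports whether the request looks like such a probe. The payload constant repeats the quoted literal 26 times, which is my reading of the quoted line; the smaller second sample is constructed for illustration.

```python
import re

# The hex literal quoted in Dave's message, repeated to rebuild the probe.
# The repeat count (26) is an editor's reading of the quoted line.
QUOTED_LITERAL = "0x31303235343830303536"
PAYLOAD = ("999999.9 /*!30000union all select "
           + ",".join([QUOTED_LITERAL] * 26) + "*/--")

# Constructed sample (not from the thread) with three different literals.
CONSTRUCTED_SAMPLE = "42 /*!30000union all select 0x61,0x6263,0x64656667*/--"

HEX_LITERAL = re.compile(r"0x[0-9a-fA-F]+")
# MySQL executes the body of /*!NNNNN ... */ only when the server version
# is at least NNNNN (30000 = 3.0.0), so other databases see a comment.
VERSIONED_COMMENT = re.compile(r"/\*!(\d{5})(.*?)\*/", re.DOTALL)


def decode_hex_literal(literal):
    """Return the text a MySQL 0x... literal stands for (what CAST(... AS CHAR) yields)."""
    digits = literal[2:] if literal.lower().startswith("0x") else literal
    if len(digits) % 2:
        digits = "0" + digits
    return bytes.fromhex(digits).decode("latin-1")


def analyze(param_value):
    """Describe a version-comment UNION SELECT found in a request parameter, or None."""
    match = VERSIONED_COMMENT.search(param_value)
    if not match:
        return None
    min_version, body = match.group(1), match.group(2)
    parts = re.split(r"\bselect\b", body, maxsplit=1, flags=re.IGNORECASE)
    if len(parts) < 2:
        return None
    columns = [c.strip() for c in parts[1].split(",")]
    decoded = [decode_hex_literal(c) if HEX_LITERAL.fullmatch(c) else c
               for c in columns]
    uniform = len(set(decoded)) == 1
    return {
        "min_mysql_version": min_version,
        "column_count": len(columns),
        "decoded_columns": decoded,
        # Many identical marker values after UNION SELECT is the signature
        # of an automated column-count probe, as Justin describes.
        "looks_like_column_probe": (
            uniform and len(columns) > 1 and "union" in body.lower()),
    }


if __name__ == "__main__":
    print("literal decodes to:", decode_hex_literal(QUOTED_LITERAL))
    for value in (PAYLOAD, CONSTRUCTED_SAMPLE):
        report = analyze(value)
        print(report["column_count"], "columns,",
              "probe" if report["looks_like_column_probe"] else "not a probe",
              "- distinct values:", sorted(set(report["decoded_columns"])))
```

Running it shows that the literal is the string "1025480056" used as a filler in every column, which matches Justin's explanation: the tool keeps adding columns until the UNION stops erroring, and the identical marker lets it spot its own output in the page. A request parameter carrying a `/*!` version comment is a reasonable thing to alert on in web logs, and passing the value through CFQUERYPARAM with a numeric type, as Dave notes the junior programmer did not, would have rejected the whole string before it reached SQL.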

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:356266