Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

SQL Injection Attack 1

Status
Not open for further replies.

GhostWolf

Programmer
Jun 27, 2003
290
US
Can anyone tell me what this code is supposed to do:

0x574 14954 464f5 22044 454c4 15920 27303 03a30 303a3 13527

I've intentionally split it into 5-character groups. I noticed it had been injected, as part of a SQL Exec statement, into an input field on one of our web pages.

Fortunately, my code-behind is written to mangle any suspected SQL code so that it can't execute - but I'm still curious what it was supposed to happen.
 
The "0x" in front means it's hexadecimal, so you break it into pairs. That makes it...

Code:
57 41 49 54 46 4f 52 20 44 45 4c 41 59 20 27 30 30 3a 30 30 3a 31 35 27

Just translating that to ASCII gets this...

Code:
WAITFOR DELAY '00:00:15'

Sites like this can help:
 
Well, shucks! I knew what the 0x was, but just assumed they'd be inserting assembler instructions instead of disguised text instructions.

Thank you SamBones, for the link, too.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top