How to Decipher Strings Originating from SQL Injection Attacks

a-foton » How to Decipher Strings Originating from SQL Injection Attacks

a-foton » How to Decipher Strings Originating from SQL Injection Attacks — Wed, 10 Sep 2008 00:37:58 GMT

PingBack from http://blog.a-foton.ru/2008/09/how-to-decipher-strings-originating-from-sql-injection-attacks/

re: How to Decipher Strings Originating from SQL Injection Attacks

tony roth — Wed, 10 Sep 2008 00:39:35 GMT

you have a warped sense of cool, but your right its cool!

re: How to Decipher Strings Originating from SQL Injection Attacks

Barry Kelly — Wed, 10 Sep 2008 05:19:18 GMT

The data are just hex-encoded ASCII values. Seems to me it would be much safer to translate those directly rather than feed it through a SQL server instance.

re: How to Decipher Strings Originating from SQL Injection Attacks

Roberto Farah — Wed, 10 Sep 2008 11:04:24 GMT

I know it's hex-encoded ASCII :) I didn't know that using SQL Server we could translate it. It's way faster and simpler than using WinDbg, for example.

re: How to Decipher Strings Originating from SQL Injection Attacks

skyemark — Wed, 24 Sep 2008 20:30:11 GMT

We've been getting hit hard for a few months now. When the injection code is found in the querystring we redirect to a page that doesn't exist. We were hoping if the bots got enough 404 errors they would leave us alone, but that's not working. Anyone know of a poison pill we can send back to them?

re: How to Decipher Strings Originating from SQL Injection Attacks

John H. — Wed, 01 Oct 2008 23:45:26 GMT

To speed things up I've stopped giving any response to these. I'm sure enough of my own code, that I parse my inbound variables for semicolons -- If I find one, I abort the page and don't send any response.

If nothing else, it speeds up my server a little.