What is this hacker trying to do?

sql-server windows tsql security sql-injection
JW. picture JW. · May 28, 2010 · Viewed 7.2k times · Source

If you do a search for:

http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N

you will see a lot of examples of an attempted hack along the lines of:

1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --

What is exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?

Answer

rook picture rook · May 28, 2010

He is testing your server for SQL Injection, specifically this is a robust test that will work even if its Blind SQL Injection. Blind SQL Injection is when an attacker is able to execute SQL however, there isn't a viewable response. If the http request takes at least 15 seconds the attacker will know that he can execute SQL, and that your running MS-SQL. After this attack he will follow it up with a xp_cmpdshell() to infect your server.

Related questions

Can't connect to SQL 2012 remotely by IP and named instance

First off, I already know that Windows Firewall is blocking my connection -- I just don't know what to do about it. When I turn WF all the way off, my remote connection works. I already have a Rule to …

Read More
Access denied for enabled xp_cmdshell for the admin user

I'm using xp_cmdshell within a database trigger to launch a exe file. xp_cmdshell is enabled(it can execute simple cmd command like 'echo'). But when I try to launch the exe through xp_cmdshell, the access is denied. …

Read More
exception has been thrown by a target of invocation in Visual Studio 2013

Today when I opened Visual Studio 2013 Professional Edition, I got the error exception has been thrown by a target of invocation. Also I tried to open ILSpy to debug a dll, but it crashed. I think that it might be …

Read More