We have a web form that can be filled out with text fields, and then they get emailed to us at work. Today we got what looks like some SQL commands in a bunch of emails. I would just like to have a bit of general knowledge of what they were trying to do. I copied every command they sent through and have it below:
All I am asking is what were they trying to do?
&dir
--
or 1=1--
#
convert(varchar,0x7b5d)
bad_bad_value'
'+convert(int,convert(varchar,0x7b5d))+'
char(39)
convert(varchar,0x7b5d)
'
/*
convert(int,convert(varchar,0x7b5d))
'
9,9,9
convert(int,convert(varchar,0x7b5d))
' or 1=1--
%27
'+convert(varchar,0x7b5d)+'
tqedbt
and 1=1;--
x || ping -n 3 127.0.0.1 &
& ping -n 3 127.0.0.1 &
and 1=1
index.cfm