Irregular Expressions

Aug 16 2010   5:02PM GMT

The SQL CAST statement..

Dan O'Connor

I have played with this before; the most effective method I found of blocking these was looking for the CAST statement itself.

The statements, at least the ones that I was playing with, all had a “CAST”, “SET”, “VARCHAR”, and “EXEC”.  I found that some of the vendors seem to be looking for the HEX or some mix, because I made variations of the HEX over and over again until it made its way through with the same SELECT statement.  I found the best way to detect these events was to look for the “CAST” with the other markers; in my case there was no use for “CAST” in my network, so I just started to alert on all of that.

This is a good breakdown and decode; it's worth reading!
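The rule described above, sketched as an added example (not the author's code or any vendor's signature): decode the request, anchor on “CAST”, then check for the other markers instead of matching the hex literal. The request lines, the hex value, the function names and the `cast_is_legitimate` switch are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Anchor on CAST( ; requiring the parenthesis is an assumption made here
# to avoid matching the bare word in paths or page text.
ANCHOR = re.compile(r"\bCAST\s*\(", re.IGNORECASE)
# The other markers named in the post.
OTHERS = {
    "SET": re.compile(r"\bSET\b", re.IGNORECASE),
    "VARCHAR": re.compile(r"\bVARCHAR\b", re.IGNORECASE),
    "EXEC": re.compile(r"\bEXEC\b", re.IGNORECASE),
}

def decode(uri, rounds=3):
    """URL-decode until stable so encoded keywords are compared in the clear."""
    for _ in range(rounds):
        nxt = unquote_plus(uri)
        if nxt == uri:
            break
        uri = nxt
    return uri

def classify(uri, cast_is_legitimate=False):
    """Return (verdict, markers_seen) for one request URI.

    cast_is_legitimate=False mirrors a network with no use for CAST:
    any CAST( alerts. Set it True where applications send CAST themselves;
    then only CAST plus all other markers alerts, and a lone CAST is 'review'.
    """
    text = decode(uri)
    if not ANCHOR.search(text):
        return "ok", []
    hits = [name for name, rx in OTHERS.items() if rx.search(text)]
    if len(hits) == len(OTHERS) or not cast_is_legitimate:
        return "alert", hits
    return "review", hits

# Constructed request lines; 0x4142 / 0x4344 are inert placeholder values.
SAMPLES = [
    "/news.asp?id=7",
    "/news.asp?id=7;DECLARE%20@S%20VARCHAR(10);SET%20@S=CAST(0x4142%20AS%20VARCHAR(10));EXEC(@S);",
    "/news.asp?id=7;dEcLaRe+@s+vArChAr(10);sEt+@s=cAsT(0x4344+aS+vArChAr(10));eXeC(@s);",
    "/report.asp?q=SELECT%20CAST(price%20AS%20INT)",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line), line[:60])
```

Because the match is on the decoded keywords, changing the hex value or the letter case does not change the verdict.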
