When I forensic some logs of websites, I found that many many attack use char() for evasion detection or hard to find malicious code. So I created this simple script for decoding all char() in the log file into ascii character for human reading.
./decoding_char_sql.sh logfiles.log
Example logfiles.log:
target.com/testing.php?vulnparam=1000'+update+tablenames+set+value=cast(value+as+varchar(
No comments:
Post a Comment