Arejae.Com

AutoIT - Connecting to SQL Server.

arejae — Sat, 19 Jul 2008 08:52:40 +0000

Playing around with AutoIt take me to next level of coding. This time I need to automate a process where in a normal situation it will involve a few people to make the whole process completed.

One of the process need a connection to MS-SQL ,execute query and and get the results. As sharing is caring, here I share how to connect to SQL-Server using AutoIt.

$conn = ObjCreate( "ADODB.Connection" )
$DSN = "DRIVER={SQL Server};SERVER=MySvr;DATABASE=MyDB;UID=MyUser;PWD=MyPwd;"
$conn.Open($DSN)
$rs = ObjCreate( "ADODB.RecordSet" )
$rs.Open( "SELECT @@VERSION AS myVersion", $conn )
MsgBox(0, "AutoIT-SQL Result", "Value = " & $rs.Fields( "myVersion" ).Value )
$conn.close

The code will produce a msg box like below.

Here you go…it’s only the basic code. You can do a lot more than this.

Have a nice weekend.

p/s: I have a job to do this weekend…..so..not a very nice weeked for me.adoii….

MSSQL - ORDER BY with a specific words

arejae — Mon, 07 Jul 2008 05:10:06 +0000

In SQL,the only option for Order by is either using Ascending or Descending. Sometimes,these two option is not possible to order the item based on your needs.

For example,let say you have a data like below and want to order by Type - Open then Close then Suspended.

Problem          Type
---------      --------
Problem 1      Suspended
Problem 2      Suspended
Problem 3      Open
Problem 4      Open
Problem 5      Close
Problem 6      Close

You cannot get the expected result based on normal Ascending or Descending. Then, how you can solve this problem using a normal SQL query ? Well, the solution is pretty much easy actually.

You just need to modify a litte bit your order by statement to get the expected. As for this case, you can solve using below query.

select * from #XX order by replace(Type,’Open’,'A’)

So the trick is to replace your value that you want to make it appear at the top. In this case,’Open’ should be at the top,so we replace it with ‘A’ . Because A should be at the first position for asc order.

Hope it solve some of your SQL problems.

Till then…happy SQL’ING.

SQL Injection Attack using T-SQL and HEXADECIMAL

arejae — Sat, 05 Jul 2008 11:19:28 +0000

SQL Injection occurs when an attacker is able to insert a series of SQL statements into a ‘query’ by manipulating data input into an application. This can be either using a web form or URL query string.

Last week, I found the sample of real case where the attacker used T-SQL combining with HEX values to do the injection.

In this post i’ll show how the SQL injection look like and the solution to revert back the effected data based on the attacked. What I can say is that, the attacker is quite a ‘nice’ person since the SQL query did not do any big harm to the data itself.

From IIS log file, below are the attacked look like. Note that all the ‘XXX’ are not the original values.

XXXX.asp?XXXXX@;DECLARE%20@S%20VARCHAR(4000);SET%20@S=

CAST(0×4445434C4XXXXXXXXXXXXX72736F7220%20

AS%20VARCHAR(4000));EXEC(@S);–

Based on above query string,the original values that executed will be like below.

DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name
FROM sysobjects a,syscolumns b
WHERE a.id=b.id AND a.xtype='u' AND
(b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167) 

OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''''') 

FETCH NEXT FROM Table_Cursor INTO @T,@C 

END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

That is very powerful query whereby it will get all the tables in the database using sysobjects and look for field which are NTEXT,TEXT,NVARCHAR,VARCHAR.

Then, the query will try to update the field to add the additional values.Something like : original value + new value. See,that is why I say this guy still a ‘nice’ person. I’m not sure what will going to happen in case the statement is something else.

The solution for this is very simple where we just need to revert back the original values using below statement.Use back the same code that attacker use with minor modification to cater for our update.

SET @Sqltext = "Update [" + convert(Varchar, @tab) + "] "
IF (@xtype=231) or (@xtype=167)
SET @Sqltext = @Sqltext + "SET [" + convert(Varchar, @col) + "] = replace(["+  convert(Varchar, @col) + "], '','')"
ELSE
   SET @Sqltext = @Sqltext + "SET [" + convert(Varchar, @col) + "] = substring(["+  convert(Varchar, @col) + "],1,PATINDEX('%

(Let me know if you guys need the whole query since I notice that my sql code here is not properly displayed.)

Well, there are good and bad about this thing. I don’t want to talk about bad things.

The good things is, I learn new stuff.

On top of that, I also learn how to print getdate() using HEX and no…I’m not a hackers,crackers or attackers

Till then, adios and Have a nice weekend.

Update:

Top 15 FREE SQL Injection Scanners

Masa terlalu pantas berlalu….

arejae — Fri, 04 Jul 2008 00:05:10 +0000

Salam jumaat.

Sabtu lepas aku dikejutkan lagi dengan berita kematian. Kali ini giliran jiran aku pulak yg pergi dulu di usia awal 40an meninggalkan seorang isteri dan seorang anak yang masih kecil.

Teringat pula kisah hidup arwah one of my friend,Zul Rushdi yang juga meninggal di awal 40an.Al-fatihah utk beliau…Al-fatihah juga untuk arwah ayah,arwah-arwah muslimin dan muslimat yang telah pergi dulu meninggalkan dunia yg fana ini.

Bilakah saat kita pula yang di bawa menaiki kereta mayat ek ? Hanya Allah taala yang tahu. Yelah,dengan iman yang tak banyak nie, takut juga kalau pergi dengan keadaan yang lalai.Ampunkan dosa kami Ya-Allah…

Pantasnya masa berlalu.Rasa semacam baru jer ambik result SPM dulu..baru jer habis matrik,baru jer grad,baru jer kawin,baru jer dapat anak and macam-macam lagi yang terasa baru jer. Pejam celik dah pertengahan tahun 2008 kita yer.

anak-anak pun dah makin besar.

Anak yang sulung.Kak long.

First day nak pergi tadika,sempat posing lagi tuh.

Balik dari tadika first day,dapat hadiah lagi.

Insya-Allah,semoga kak long jadi anak yang solehah.amin.

Kak long jaga adik baik-baik yer…

Cepatnya masa berlalu..bagaimana pula dengan azam tahun baru hari tu ? any progress ?

p/s : Hari ini 4 Julai 2008 kita memasuki bulan Rejab. Bulan Rejab adalah bulan Allah swt.

MS-SQL : CHARINDEX Vs PATINDEX

arejae — Wed, 02 Jul 2008 05:23:05 +0000

CHARINDEX and PATINDEX functions return the starting position of a pattern you specify. PATINDEX can use wildcard characters while CHARINDEX cannot.

Imagine you have a BoxNo field with below values in your table.

BoxNo
——
BOX1
BOX3
BOX4
BOX30
BOX123

Using MS-SQL syntax,You will have a few options to separate those values into number.

1.)

select BoxNo,substring(BoxNo,CHARINDEX(’X',BoxNo)+1,len(BoxNo)) as No from #temp

2.)

select BoxNo,replace(BoxNo,’BOX’,”) as No from #temp

You will have a result like below:

BoxNo No
—— ——
BOX1 1
BOX3 3
BOX4 4
BOX30 30
BOX123 123

Now, again, imagine your BoxNo having values like below. The above SQL is not valid anymore since the pattern is different already.(These are my imaginary data, real data will not have something like below. :))

BoxNo
———
BB12
Box1222
MyBox35
My13
MyBoXx123

This is the time where we need to use PATINDEX instead of CHARINDEX. Your query will look like more complex already.But with same expected result of course.

Using below SQL,

select BoxNo,substring(BoxNo,PATINDEX(’[A-Z,a-z]%’,BoxNo)+(PATINDEX(’%[0-9]%’,BoxNo)-1),len(BoxNo)) as No from #temp

Will produce something like below.

BoxNo        No
-----       -----
BB12          12
Box1222     1222
MyBox35       35
My13          13
MyBoXx123    123

In real live,you will have different type of data with different pattern…this is the time where reqular expression will be your life saver.

Till then, happy SQL’ING