XCtM QueryString Module handling.
When you start using VBCompare with SQL injection or HEX querystrings, we often run into issues that the script creator knows about but we don't.
It might be better to always encode and compare than to just compare.
Here's part of the XCtM API that encodes every querystring, compares it against a list of known injection strings the way a virus scanner compares against signatures, and then passes the decoded querystring to the proper functions.
This simple ASCII list will be your starting point for the floating offset.
What I mean by floating is that each SQL injection word, phrase or line can be assigned its own offset, so no single offset will work against the full range of scans.
Hang on, I will clear this up in a minute.
You can build on this by adding additional encoding or simply by adding a salt.
Each word can have its own offset, which will make guessing all that much more difficult.
In the examples you can see the same word encoded with different offsets, so the encoded output differs according to the ASCII offset.
So what happens when you go outside the realm of the ASCII length?
Ok, you have the basics but you could still be confused. Let me show you one example.
Starting with the SQL Injection word
TEST = SDRS OffSet = 1
TEST = RCQR OffSet = 2
TEST = QBPQ OffSet = 3
TEST = PAOP OffSet = 4
TEST = O@NO OffSet = 5
TEST = N?MN OffSet = 6
TEST = M>LM OffSet = 7
TEST = L=KL OffSet = 8
TEST = K<JK OffSet = 9
TEST = J;IJ OffSet = 10
TEST = I:HI OffSet = 11
and so on.
This method can then be split into groupings of 5, 10, 15, 25, etc. to make it even more effective.
The encoded word is then matched against the encoded querystring.
Here are the encoders for this project:
strSQL_OffSet = 1 'use 1 to 36 or greater if you confirm your code
strSQLWord = MnWURLEncode(strSQLWord)
strSQLWord = MnWEncodeString(strSQLWord, strSQL_OffSet)

'URL-encode the word (or the incoming querystring) before shifting it
Function MnWURLEncode(str)
    MnWURLEncode = ""
    MnWURLEncode = Server.URLEncode(str)
End Function

'Shift every character down by stOffSet, then escape the result for the database
Function MnWEncodeString(stThis, stOffSet)
    Dim Word1, Word2, I
    MnWEncodeString = ""
    Word1 = stThis
    Word2 = ""
    'Find the ASCII code of each character and subtract the offset
    For I = 1 To Len(Word1)
        Word2 = Word2 & Chr(Asc(Mid(Word1, I, 1)) - CInt(stOffSet))
    Next
    MnWEncodeString = MnWEncodeIntoSQLDB(Word2)
End Function

'Trim the string and double any single quotes so it can be stored safely
Function MnWEncodeIntoSQLDB(strF)
    Dim strCharC, strCharR
    strF = Trim(strF)
    MnWEncodeIntoSQLDB = ""
    If strF = "" Then Exit Function
    strCharC = "'"
    strCharR = "''"
    If InStr(strF, strCharC) <> 0 Then
        strF = Replace(strF, strCharC, strCharR, 1, -1, 1)
    End If
    MnWEncodeIntoSQLDB = strF
End Function
Note: if you use the code above, be sure to edit it to match your own specific code.
If you're a .Net or PHP developer this is easy to read and should work just fine.
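As an added example (not the XCtM API's own code), here is a Python rendering of the floating-offset scheme from the TEST table above and of the three encoder functions: the keyword list, its offsets, and the sample querystrings are constructed values of my own. It reproduces the table for offsets 1 to 11, handles the case the post asks about (a shift that leaves the printable ASCII range), and scans a querystring by comparing each keyword with the querystring shifted by that keyword's own offset. One property to keep in mind follows directly from the construction: because both sides are shifted by the same offset, a keyword matches the encoded querystring exactly when it matches the plain one, so the offset hides the stored list from casual reading but does not change what is detected; parameterized queries remain the control that actually stops injection.

```python
import urllib.parse

# Constructed blacklist: each keyword carries its own "floating" offset, as the
# post describes.  The words and offsets are my own sample values.
FLOATING_LIST = {
    "TEST": 1,
    "UNION": 5,
    "SELECT": 9,
}

PRINTABLE_MIN = 32   # space, lowest printable ASCII code
PRINTABLE_MAX = 126  # tilde, highest printable ASCII code


def encode_string(text, offset, strict=True):
    """Subtract `offset` from each character's ASCII code (like MnWEncodeString).

    When the shift leaves printable ASCII (the post's "outside the realm of
    the ASCII length" case), strict mode raises instead of emitting control
    characters or an invalid code point; lenient mode substitutes U+FFFD so
    that character can never match part of an encoded keyword.
    """
    out = []
    for ch in text:
        code = ord(ch) - offset
        if PRINTABLE_MIN <= code <= PRINTABLE_MAX:
            out.append(chr(code))
        elif strict:
            raise ValueError(f"{ch!r} shifted by {offset} gives code {code}")
        else:
            out.append("\ufffd")
    return "".join(out)


def decode_string(text, offset):
    """Inverse of encode_string for values produced in strict mode."""
    return "".join(chr(ord(ch) + offset) for ch in text)


def escape_for_sql(text):
    """Mirror of MnWEncodeIntoSQLDB: trim, then double any single quote."""
    text = text.strip()
    return text.replace("'", "''") if text else ""


def encode_for_storage(word, offset):
    """The post's full pipeline: URL-encode, shift by the offset, quote-escape."""
    return escape_for_sql(encode_string(urllib.parse.quote(word, safe=""), offset))


def offset_table(word, max_offset):
    """Reproduce the TEST -> SDRS, RCQR, ... table for offsets 1..max_offset."""
    return [(n, encode_string(word, n)) for n in range(1, max_offset + 1)]


def scan_querystring(qs, blacklist=FLOATING_LIST):
    """Return blacklisted words whose encoded form occurs in the querystring
    encoded with that word's own offset (the post's 'virus check' comparison)."""
    upper = qs.upper()
    hits = []
    for word, offset in blacklist.items():
        if encode_string(word, offset) in encode_string(upper, offset, strict=False):
            hits.append(word)
    return hits


if __name__ == "__main__":
    for n, enc in offset_table("TEST", 11):
        print(f"TEST = {enc} OffSet = {n}")
    print(scan_querystring("id=1 union select 1,2"))   # constructed input
```

The lenient mode is used only on the querystring side: a space or other low code point shifted below 32 becomes a placeholder rather than an error, which is what lets the same scan run with every keyword's offset. The strict mode on the keyword side is where VBScript's Chr would fail or produce unprintable characters for large offsets, so the stored list should be built with offsets that keep every character in range.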
Next step is to decode the HEX 0x strings of attack which I'll get to in a day or so.
The encode examples of forward encoding where all strings are encoded and decoded no matter what and those that are only encoded at th
Encoding and Decoding really has two (2) options.
1. Encode and Decode every page.
2. Encode and Decode only when needed.
Because I use an API to do all the work I encode after most of the time, but I do use the encode-to-decode process when I need to, or when I would like Google to index my encoded querystrings for better bookmarking.