SQL Injection Decoding




Posts: 22

Joined: Thu Nov 15, 2012 12:35 pm

Post Tue Apr 23, 2013 10:11 am

SQL Injection Decoding

Hello all,

I'm having an issue decoding some SQL injection attacks. I've put them through a few decoders, but haven't come up with anything that makes sense.

Has anyone had any luck with certain tools or sites that assist with decoding? I've tried a few, but was curious of your experience on doing this. Sometimes I see things are encoded multiple times.



User avatar

Hero Member
Hero Member

Posts: 1718

Joined: Mon Jan 29, 2007 2:59 pm

Post Tue Apr 23, 2013 10:58 am

Re: SQL Injection Decoding

There are literally TONS of good sites for doing encode / decode on strings.  Just depends on the format / encoding type you're using.

A couple of examples:

URL encoding:

Base 64:



I could go on for days. Perhaps if there's a certain format you're looking for?

As far as muti-encoded, if you don't know what the multi- steps / formats are, and if they don't appear obvious, then at that point, it's largely trial and error...
~ hayabusa ~ 

"All men can see these tactics whereby I conquer,
but what none can see is the strategy out of which victory is evolved."
- Sun Tzu, 'The Art of War'

OSCE, OSCP (Former - GPEN, C|EH - both expiring / expired)


User avatar

Sr. Member
Sr. Member

Posts: 345

Joined: Fri Jul 20, 2012 3:34 pm

Post Tue Apr 23, 2013 2:46 pm

Re: SQL Injection Decoding

@matt81 Are you able to provide an anonymized example of one the attacks?

I'm pretty sure someone here will be able to figure it out, or at least enjoy the challenge. ;)
Security + | OSWP | eCPPT (Silver & Gold) | CSTA

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 4 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software