JP Vossen on 27 Mar 2010 16:17:00 -0700


Re: [PLUG] slightly OT: finding SQL injection in M$ logs with grep

On Friday Ben Love said:
> Unfortunately, MS SQL logs are entirely Binary.  If you want, you can
> pay lots of money for programs that will examine your SQL logs.  (It's
> Microsoft; all utilities are 3rd party and expensive.  What did you
> think was going to happen?)

Bah.  That "black box" (that never quite works right) mentality is a big 
part of why I hate M$ crap.

This is a *long* shot, but, ironically, the free MS Log Parser Toolkit 
[1] **might** be of some use.  I eyeballed the input formats in the book 
[2] I have, and there is no mention of MS SQL.  But there are a number 
of binary formats, esp. from IIS.  Maybe it's possible that one would 
work, or that someone has figured out some kind of hack?  Like I said, 
long shot but I figured I'd at least mention it.

Come to think of it, there is probably no technical reason why reverse 
engineering to write a decoder would be hard.  There might be legal 
issues though.  May be worth a Google for that...

Good luck,
[1] MS Log Parser Toolkit


JP Vossen, CISSP            |:::======|
My Account, My Opinions     |=========|
"Microsoft Tax" = the additional hardware & yearly fees for the add-on
software required to protect Windows from its own poorly designed and
implemented self, while the overhead incidentally flattens Moore's Law.
Philadelphia Linux Users Group