Posted on 2006-05-22
I have just been looking into the server logs for a site of mine and saw a request with the querystring:
Which when entered into an explorer page displays...
[Microsoft][ODBC Microsoft Access Driver] Syntax error. in query expression 'intProductID = 42 or 1=convert(int,(select @@version+'/'+@@servername+'/'+db_name()+'/'+system_user))--sp_password'.
/includes/view_product.asp, line 6
Was this someone trying to gain access to the DB and see whats in it?
I would be greatful for any information of what this query string is trying to do.