SQL Injection Evidence? Can any body guess at what this hacker is trying to get at?
I found the following trace in my logs from yesterdays site activity.
Looks to me like someone has tried an SQL injection attack on my site. I tried the query string my self to make sure I was protected, which it seems I was (I use .NET params to send to the database server).
The string doesn't look like like he knows anything about my database. What do you think was being tried here?
[ 189.47.174.160, NV32ts, 189.47.174.160, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+
Looks to me like someone has tried an SQL injection attack on my site. I tried the query string my self to make sure I was protected, which it seems I was (I use .NET params to send to the database server).
The string doesn't look like like he knows anything about my database. What do you think was being tried here?
[ 189.47.174.160, NV32ts, 189.47.174.160, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+
Asked:
Who is Participating?
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
All Courses
From novice to tech pro — start learning today.
If you have an ip address that it came from in your log, find the host and report the abuse. An email saying we know what you are up to usually scares the crap out of them.