SQL Injection Evidence? Can anybody guess at what this hacker is trying to get at?

Posted on 2009-05-07
Last Modified: 2013-11-25
I found the following trace in my logs from yesterday's site activity.

Looks to me like someone has tried an SQL injection attack on my site. I tried the query string myself to make sure I was protected, which it seems I was (I use .NET params to send to the database server).

The string doesn't look like he knows anything about my database. What do you think was being tried here?

[ 189.47.174.160, NV32ts, 189.47.174.160, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+and+''=' ]
Question by:Cognize
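
A log check for entries like the one in the question, as an added example that is not part of the original thread: it parses the `[ ip, agent, ip, url ]` layout shown above (the field meanings are an assumption), URL-decodes each query-string value and flags values that match at least two indicators. The indicator list, the benign entry and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Log entry copied from the question; assumed layout: [ client IP, user agent, client IP, URL ]
SAMPLE = ("[ 189.47.174.160, NV32ts, 189.47.174.160, "
          "http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)"
          "+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+and+''=' ]")
# Constructed benign entry for comparison (not from the page).
BENIGN = "[ 192.0.2.10, Mozilla/5.0, 192.0.2.10, http://www.site.com/cat/item.aspx?ProdId=190 ]"

# Illustrative indicators: (label, regex) applied to the decoded parameter value.
INDICATORS = [
    ("quote", re.compile(r"'")),
    ("select-from", re.compile(r"\bselect\b.+\bfrom\b", re.I | re.S)),
    ("system-table", re.compile(r"\bsys(objects|columns|databases)\b|information_schema", re.I)),
    ("char/cast", re.compile(r"\b(char|cast|convert)\s*\(", re.I)),
    ("tautology", re.compile(r"\b(\d+)\s*=\s*\1\b|''\s*=\s*'")),
]

def parse_entry(line):
    """Split '[ ip, agent, ip, url ]' into (ip, agent, url); the URL keeps any commas."""
    body = line.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("unexpected log format")
    ip, agent, _ip2, url = [f.strip() for f in body[1:-1].split(",", 3)]
    return ip, agent, url

def scan(line):
    """Return {param: [indicator labels]} for parameters that look like injection probes."""
    _ip, _agent, url = parse_entry(line)
    hits = {}
    # parse_qsl URL-decodes values: '+' becomes a space, %xx becomes the character.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        labels = [label for label, rx in INDICATORS if rx.search(value)]
        # Require two independent indicators to keep false positives down
        # (a lone apostrophe is common in names such as O'Brien).
        if len(labels) >= 2:
            hits[name] = labels
    return hits

if __name__ == "__main__":
    for entry in (SAMPLE, BENIGN):
        print(parse_entry(entry)[0], scan(entry))
```

A hit only means the request should be reviewed; whether it could have had any effect depends on how the page builds its query, which is why the parameterized commands mentioned in the question matter.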
2 Comments
 

Accepted Solution

by:
Chris Harte earned 2000 total points
ID: 24324085
Put that into Google and you get a few Chinese forums that are passing this around. It looks like somebody had a success with this injection and a lot of script kiddies think that all you have to do is cut and paste and it will work anywhere.

If you have an IP address that it came from in your log, find the host and report the abuse. An email saying we know what you are up to usually scares the crap out of them.

Author Closing Comment

by:Cognize
ID: 31578928
Some place in Brazil apparently. An email was sent to the web host. Doubt much will happen!