[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 536
  • Last Modified:

SQL Injection Evidence? Can any body guess at what this hacker is trying to get at?

I found the following trace in my logs from yesterdays site activity.

Looks to me like someone has tried an SQL injection attack on my site. I tried the query string my self to make sure I was protected, which it seems I was (I use .NET params to send to the database server).

The string doesn't look like like he knows anything about my database. What do you think was being tried here?

[ 189.47.174.160, NV32ts, 189.47.174.160, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+and+''=' ]
0
Cognize
Asked:
Cognize
1 Solution
 
Chris HarteThaumaturgeCommented:
Put that into google and you get a few chinese forums that are passing this around. It looks like somebody had a success with this injection and a lot of script kiddies think that all you have to do is cut and paste and it will work anywhere.

If you have an ip address that it came from in your log, find the host and report the abuse. An email saying we know what you are up to usually scares the crap out of them.
0
 
CognizeAuthor Commented:
Some place in Brazil apparently. An email was sent to the web host. Doubt much will happen!
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now