SQL Injection Evidence? Can any body guess at what this hacker is trying to get at?
Posted on 2009-05-07
I found the following trace in my logs from yesterdays site activity.
Looks to me like someone has tried an SQL injection attack on my site. I tried the query string my self to make sure I was protected, which it seems I was (I use .NET params to send to the database server).
The string doesn't look like like he knows anything about my database. What do you think was being tried here?
[ 220.127.116.11, NV32ts, 18.104.22.168, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+and+''=' ]