Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 542
  • Last Modified:

SQL Injection Evidence? Can any body guess at what this hacker is trying to get at?

I found the following trace in my logs from yesterdays site activity.

Looks to me like someone has tried an SQL injection attack on my site. I tried the query string my self to make sure I was protected, which it seems I was (I use .NET params to send to the database server).

The string doesn't look like like he knows anything about my database. What do you think was being tried here?

[ 189.47.174.160, NV32ts, 189.47.174.160, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+and+''=' ]
0
Cognize
Asked:
Cognize
1 Solution
 
Chris HarteThaumaturgeCommented:
Put that into google and you get a few chinese forums that are passing this around. It looks like somebody had a success with this injection and a lot of script kiddies think that all you have to do is cut and paste and it will work anywhere.

If you have an ip address that it came from in your log, find the host and report the abuse. An email saying we know what you are up to usually scares the crap out of them.
0
 
CognizeAuthor Commented:
Some place in Brazil apparently. An email was sent to the web host. Doubt much will happen!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get 10% Off Your First Squarespace Website

Ready to showcase your work, publish content or promote your business online? With Squarespace’s award-winning templates and 24/7 customer service, getting started is simple. Head to Squarespace.com and use offer code ‘EXPERTS’ to get 10% off your first purchase.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now