Solved

SQL Injection Evidence? Can any body guess at what this hacker is trying to get at?

Posted on 2009-05-07
2
444 Views
Last Modified: 2013-11-25
I found the following trace in my logs from yesterdays site activity.

Looks to me like someone has tried an SQL injection attack on my site. I tried the query string my self to make sure I was protected, which it seems I was (I use .NET params to send to the database server).

The string doesn't look like like he knows anything about my database. What do you think was being tried here?

[ 189.47.174.160, NV32ts, 189.47.174.160, http://www.site.com/cat/item.aspx?ProdId=190'+And+char(124)+(Select+Cast(Count(1)+as+varchar(8000))+char(124)+From+[sysobjects]+Where+1=1)>0+and+''=' ]
0
Comment
Question by:Cognize
2 Comments
 
LVL 16

Accepted Solution

by:
Chris Harte earned 500 total points
Comment Utility
Put that into google and you get a few chinese forums that are passing this around. It looks like somebody had a success with this injection and a lot of script kiddies think that all you have to do is cut and paste and it will work anywhere.

If you have an ip address that it came from in your log, find the host and report the abuse. An email saying we know what you are up to usually scares the crap out of them.
0
 
LVL 2

Author Closing Comment

by:Cognize
Comment Utility
Some place in Brazil apparently. An email was sent to the web host. Doubt much will happen!
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

CCModeler offers a way to enter basic information like entities, attributes and relationships and export them as yEd or erviz diagram. It also can import existing Access or SQL Server tables with relationships.
For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Viewers will learn how the fundamental information of how to create a table.
Viewers will learn how to use the SELECT statement in SQL to return specific rows and columns, with various degrees of sorting and limits in place.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now