Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

I found a lot of weird string in my database, someone trying to get into my site?

I have a small site (MVC5) with Contact Us feature in it, this morning I found that I have hundreds of emails from a same IP. I query the results from the database and all of 'em is just a bunch of weird string and some script/SQL injection.

I've already use parameters on my database (SQL Server 2014) and whitelist filtering on all user input. Just wondering if I should be worried?

Joey'"
Joey\\'\\"
Joey'"'"'"'"
Joey AND 1=1 -- 
Joey AND 1=2 -- 
Joey" AND 1=1 -- 
Joey" AND 1=2 -- 
Joey'
Joey
Joey\'
Joey
Joey" UNION SELECT 8, table_name, 'vega' FROM information_schema.tables WHERE table_name like'%
1 AND 1=1 -- 
1 AND 1=2 -- 
' AND 1=1 -- 
' AND 1=2 -- 
" AND 1=1 -- 
" AND 1=2 -- 
Joey''
Joey' UNION SELECT 8, table_name, 'vega' FROM information_schema.taables WHERE taable_name like'%
javascript:vvv002664v506297
vbscript:vvv002665v506297
" onMouseOver=vvv002666v506297
" style=vvv002667v506297
' onMouseOver=vvv002668v506297
/../../../../../../../../../../../../etc/passwd
Joey`true`
Joey`false`
Joey`uname`
' style=vvv002669v506297
Joey"`false`"
Joey"`uname`"
Joey'true'
Joey'false'
Joey'uname'
Joey" UNION SELECT 8, table_name, 'vega' FROM information_schema.taables WHERE taable_name like'%
htTp://www.google.com/humans.txt
hthttpttp://www.google.com/humans.txt
hthttp://tp://www.google.com/humans.txt
Joey
Joey-0-0
Joey\'\"
Joey\\'\\"
Joey - 0 - 0
Joey 0 0 - -
http://vega.invalid/;?
//vega.invalid/;?
vega://invalid/;?
src=http://vega.invalid/;?
" src=http://vega.invalid/;?
Joeybogus Vega-Inject:bogus
www.google.com/humans.txt
Joeybogus Vega-Inject:bogus
Joey-0
Joey-0-9
Joey
Joey'"
Joey' UNION SELECT 8, table_name, 'vega' FROM information_schema.tables WHERE table_name like'%
Joey' AND 1=2 -- 
Joey' AND 1=1 -- 
Joey''''""""
Joey\'\"
Joey
Joey
Joey
http://www.google.com/humans.txt
Joey
Joey"`true`"
Joey
like image 464
warheat1990 Avatar asked Jun 03 '16 09:06

warheat1990


2 Answers

It looks like someone was trying to get in with SQL injection. As long as your using input validation and escaping the input you should be ok on this front. You might want to look into other ways of hardening your site, though.

Here's a resource for protecting against SQL Injection in ASP.NET. And another resource for general website hardening. Hope it helps!

like image 163
Ricardo Reyna Avatar answered Oct 29 '22 23:10

Ricardo Reyna


There doesn't appear to be anything you need to overly worry about, people will always try and exploit input forms to see if they are able to get any data back. It looks like you've done all the basic and standard methods to prevent them from getting anywhere. There are a couple of methods which you can use to stop this occurring as much.

Request Throttling

This is pretty simple you are literally just limiting the number of times a single user is able to submit data in the contact form over a period of time. There are a number of articles on this and many answers scattered over SO. The easiest method is to use the HttpRuntime cache and simply store the users IP address with an expiration time. Then on each request check the cache to make sure their IP address isn't stored in it.

IP Banning

This method is similar to the one above but a bit more long term. The easiest way is to keep track of users who are submitting multiple inquiries and if they send over 30 in the space of 10 minutes or so add their IP address into a table which you can check against and prevent them from submitting anymore inquires.

You could even use the two in conjunction.

like image 20
David Ford Avatar answered Oct 29 '22 23:10

David Ford