Menu
Possible Duplicate:
Site has been hacked via SQL Injection
Looks like one of my websites had a hacker attempt on it, my reports showed the following querystring data attempted:
QUERY_STRING = ID=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-
It failed because any integer parameter I always cast to an integer so you get mismatch errors if anything like this is tried (classic ASP). But I'm confused what the query above is attempting? It doesn't look like anything I've seen before.
826
take a look at: Site has been hacked via SQL Injection
at a first look a guess it was some automatic tool doing some blind sql injection.
174
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
