I have been getting a number of attacks on my website lately, with a User-Agent of NV32ts.
They all are some variation of the following injection attacks against a querystring variable (where 99999 represents a valid querystring value; the attack is appended to the value):
(For convenience I have urldecoded the following attacks)
999999 And char(124)+(Select Cast(Count(1) as varchar(8000))+char(124) From [sysobjects] Where 1=1)>0
or
999999' And char(124)+(Select Cast(Count(1) as varchar(8000))+char(124) From [sysobjects] Where 1=1)>0 and ''='
or
999999' And char(124)+(Select Cast(Count(1) as varchar(8000))+char(124) From [sysobjects] Where 1=1)>0 and ''='
I believe that sysobjects has something to do with the SQL Server master database, but I can't figure out what they are trying to accomplish.
Edit: I have now seen these same things with two different user agents:
I read this one two ways, but I'm not 100% sure which:
And rather than Or.
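One way to find these requests in access logs, as an added example that is not part of the original post or its answers: it flags a numeric parameter carrying anything but digits, the tokens visible in the decoded requests above, and the NV32ts user agent, so a request still matches when the user agent changes. The simplified log format, the parameter name `id` and the paths are assumptions, and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

NUMERIC_PARAMS = {"id"}   # assumption: parameters the application expects to be integers
PROBE_UA = "NV32ts"       # user agent reported in the post
# Tokens taken from the decoded requests quoted in the post
PROBE_TOKENS = re.compile(r"\[?sysobjects\]?|char\(\s*124\s*\)", re.IGNORECASE)
LOG_LINE = re.compile(r'^(?P<method>\S+) (?P<url>\S+) "(?P<ua>[^"]*)"$')

# Constructed sample log lines in a simplified format: METHOD URL "USER-AGENT"
PROBE = ("%20And%20char(124)%2B(Select%20Cast(Count(1)%20as%20varchar(8000))"
         "%2Bchar(124)%20From%20%5Bsysobjects%5D%20Where%201%3D1)%3E0")
SAMPLE_LOG = [
    'GET /item.asp?id=999999 "Mozilla/5.0"',
    'GET /item.asp?id=999999' + PROBE + ' "NV32ts"',
    'GET /item.asp?id=999999%27' + PROBE + '%20and%20%27%27%3D%27 "Mozilla/5.0"',
    'GET /search.asp?q=select+a+charger "Mozilla/5.0"',
]

def classify(line):
    """Return the reasons a log line looks like the probe (empty list if none)."""
    m = LOG_LINE.match(line)
    if not m:
        return ["unparseable line"]
    reasons = []
    if m["ua"] == PROBE_UA:
        reasons.append("user-agent")
    query = urlsplit(m["url"]).query
    # parse_qsl URL-decodes each value, so encoded and plain forms are treated alike
    for name, value in parse_qsl(query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            reasons.append(f"non-numeric {name}")
        if PROBE_TOKENS.search(value):
            reasons.append(f"probe tokens in {name}")
    return reasons

def scan(lines):
    """Map line index -> reasons for every flagged line."""
    return {i: r for i, line in enumerate(lines) if (r := classify(line))}

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_LOG).items():
        print(idx, why)
```

The non-numeric check is the same test the application can apply before the value reaches a query: reject anything that is not all digits and bind the value as a parameter.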