If you do a search for:
http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N
you will see a lot of examples of an attempted hack along the lines of:
1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --
What exactly is it trying to do? Which db is it trying to work on? Do you know of any advisories about this?
Social security numbers are the main target - they are worth much more to identity thieves to commit miscellaneous crimes pretending to be someone else. Hackers can open new credit and bank accounts, commit tax fraud, access brokerage accounts, get medical treatment or even apply for various benefits.
Computer hackers are unauthorized users who break into computer systems in order to steal, change or destroy information, often by installing dangerous malware without your knowledge or consent. Their clever tactics and detailed technical knowledge help them access the information you really don't want them to have.
Some common reasons for hacking include basic bragging rights, curiosity, revenge, boredom, challenge, theft for financial gain, sabotage, vandalism, corporate espionage, blackmail, and extortion. Hackers are known to regularly cite these reasons to explain their behavior.
He is testing your server for SQL Injection; specifically, this is a robust test that will work even if it's Blind SQL Injection. Blind SQL Injection is when an attacker is able to execute SQL; however, there isn't a viewable response. If the HTTP request takes at least 15 seconds the attacker will know that he can execute SQL, and that you're running MS-SQL. After this attack he will follow it up with a xp_cmdshell() to infect your server.
According to http://bytes.com/topic/mysql/answers/888849-hacker-attempt it looks like it's trying to run:
WAITFOR DELAY '00:00:15'
As others have pointed out it's not a DOS attack (as I originally stated) but merely a way to easily determine if the SQL Server is vulnerable and can be added to a list of hosts to perhaps further hack away at later on.
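Added example, not part of the original question or answers: a small Python log scanner that decodes T-SQL hex literals in request lines, so probes like the one above show up as readable SQL. The log lines, the keyword list and the function names are constructed for illustration; only the hex string comes from the question.

```python
import re
from urllib.parse import unquote_plus

# T-SQL hex literal: 0x followed by whole bytes (8 or more, to cut noise)
HEX_LITERAL = re.compile(r"0x((?:[0-9A-Fa-f]{2}){8,})")
# Keywords that make a decoded literal worth an alert (illustrative, not exhaustive)
SUSPICIOUS = re.compile(r"\b(WAITFOR\s+DELAY|EXEC|xp_cmdshell|DECLARE|CAST)\b", re.I)


def decode_hex_literals(request_line):
    """Return the decoded text of every hex literal in a URL-encoded request line."""
    decoded = []
    text = unquote_plus(request_line)
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        # Usually single-byte text; NUL bytes suggest an nvarchar (UTF-16LE) literal
        if b"\x00" in raw and len(raw) % 2 == 0:
            decoded.append(raw.decode("utf-16-le", errors="replace"))
        else:
            decoded.append(raw.decode("latin-1"))
    return decoded


def scan(log_lines):
    """Return (line_number, decoded_payload) pairs whose payload contains SQL keywords."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for payload in decode_hex_literals(line):
            if SUSPICIOUS.search(payload):
                hits.append((number, payload))
    return hits


# Constructed access-log lines; the second carries the hex string from the question
SAMPLE_LOG = [
    "GET /products.asp?id=12 HTTP/1.1",
    "GET /products.asp?id=1)%20declare%20@q%20varchar(8000)%20select%20@q%20=%20"
    "0x57414954464F522044454C4159202730303A30303A313527%20exec(@q)%20-- HTTP/1.1",
    "GET /img/logo.png?v=0xdeadbeef HTTP/1.1",
]

if __name__ == "__main__":
    for number, payload in scan(SAMPLE_LOG):
        print(f"line {number}: {payload}")
```

A hit in the logs only shows that the probe was sent; whether the request actually took about 15 seconds to return is what indicates the parameter is injectable.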