Strange SQL Injection attempt against my server

Discussion in 'Security' started by systematical, Apr 9, 2010.

  1. #1
    I found this sql injection attempt against my server:

    Code (Text):
    ') declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --
    The attempt failed because the forms it was attempted against only send emails; nonetheless, I believe my server-side string cleaners would have halted this. Really I am just trying to understand what this is doing? This looks much different from most SQL injection attempts I've seen and performed in security tests.
     
    systematical, Apr 9, 2010 IP
  2. nikb

    #2
    That means
    Code (Text):
    select WAITFOR DELAY '00:00:15'--
    The hacker tried to use waiting functions and analyze response times to test if blind SQL injection is possible.
     
    nikb, Apr 10, 2010 IP
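
The decoding described in the reply above, as an added example that is not part of the original thread: a Python sketch that finds long `0x...` literals in a submitted form value, decodes them the way SQL Server does when the binary is assigned to a varchar, and flags a `WAITFOR DELAY` timing probe. The function names and the benign sample value are constructed for illustration.

```python
import re

# A hex literal of at least 8 bytes; short values such as 0x1F are ignored.
HEX_LITERAL = re.compile(r"0x((?:[0-9A-Fa-f]{2}){8,})")
# The wrapper seen in the thread: a variable is assigned, then executed.
EXEC_WRAPPER = re.compile(r"exec\s*\(\s*@\w+\s*\)", re.IGNORECASE)
# The timing primitive that the decoded payload in the thread contains.
TIMING_PROBE = re.compile(r"WAITFOR\s+DELAY", re.IGNORECASE)


def decode_hex_literals(text):
    """Return the printable decoding of every long 0x... literal in text."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        # latin-1 maps every byte to a character, so decoding never fails.
        candidate = raw.decode("latin-1")
        if candidate.isprintable():
            decoded.append(candidate)
    return decoded


def inspect_field(value):
    """Classify one submitted form value for log triage."""
    decoded = decode_hex_literals(value)
    return {
        "decoded": decoded,
        "dynamic_exec": bool(EXEC_WRAPPER.search(value)),
        "timing_probe": any(TIMING_PROBE.search(d) for d in decoded),
    }


# The first value is the one quoted in the thread; the second is constructed.
THREAD_VALUE = ("') declare @q varchar(8000) select @q = "
                "0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --")
BENIGN_VALUE = "Order ref 0x1F, colour #FFAA00, please call after 5pm"

if __name__ == "__main__":
    for sample in (THREAD_VALUE, BENIGN_VALUE):
        print(inspect_field(sample))
```
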
  3. SirGod

    #3
    The wannabe hacker used an automatic vulnerability scanner. If I remember correctly, Acunetix tries Blind SQL Injection (Timing) with such queries.
     
    SirGod, Apr 13, 2010 IP
  4. superhacker

    #4
    It was an SQLi helper.
     
    superhacker, Apr 15, 2010 IP
  5. Scoding

    #5
    Acunetix tried to inject my server too, failed attempt, kid needs to get a life ;)
     
    Scoding, Apr 20, 2010 IP
  6. Ulquiorra

    #6
    Acunetix is not the name of a person >.<
     
    Ulquiorra, Apr 21, 2010 IP
  7. bageshsingh

    #7
    Hi, I found SQL injection on my site. Please check what the meaning of this is: declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --

    1 declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --

    1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --


    ) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --
     
    bageshsingh, Feb 24, 2011 IP
  8. bageshsingh

    #8
    I found this on my database. Please suggest what this is:

    declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --

    1 declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --

    1) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --


    ) declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q) --
     
    bageshsingh, Feb 24, 2011 IP
  9. submitmaster

    #9
    Wondering, do you have any WordPress installed on that same server?
     
    submitmaster, Feb 24, 2011 IP