Re: What is this attack trying to do? [message #178241 is a reply to message #178235] Thu, 24 May 2012 11:34
Thomas 'PointedEars' (Senior Member; Messages: 701; Registered: October 2010)
Robert Heller wrote:

> The Natural Philosopher wrote:
>> GET
>>
>> mycode.php?param=-24+UNION+SELECT+0x6d6567613164756d706572,0x6d6567613264756d706572,0x6d6567613364756d706572,0x6d6567613464756d706572,0x6d6567613564756d706572,0x6d6567613664756d706572,0x6d6567613764756d706572,0x6d6567613864756d706572,0x6d6567613964756d706572,0x6d65676131064756d706572
>>
>> ???
>>
>> It doesn't do any damage but a botnet has been spraying a site with this.
>
> There is probably some websoftware out there with a mycode.php with some
> sort of security hole and the botnet is poking at every web host it can
> find looking for a hole to crawl in. Botnets are not always smart and
> sometimes just use 'mindless' brute force and keep pounding until
> something gives...

The security hole here probably includes a vulnerability to an SQL
injection attack, as the "UNION SELECT" produced from this query part by
urldecode() would suggest. A lot of information about this attack can be
found via Google, for example when using "0x6d6567613164756d706572" as
keyword.

<http://php.net/urldecode>


PointedEars
--
> If you get a bunch of authors […] that state the same "best practices"
> in any programming language, then you can bet who is wrong or right...
Not with javascript. Nonsense propagates like wildfire in this field.
-- Richard Cornford, comp.lang.javascript, 2011-11-14
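As an added illustration (not part of the original thread or of any project mentioned in it), the following Python script does what the reply above suggests a defender should do: urldecode the request as it appears in a web-server access log, recognise the UNION SELECT pattern, and decode the MySQL-style hex literals to see what the probe is injecting. The log lines are constructed; the payload is modelled on the request quoted in the thread, including its final literal, which has an odd number of hex digits as reproduced on the page and therefore cannot be decoded. Function and pattern names are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Constructed access-log lines (not taken from the original post). The first
# request mirrors the probe quoted in the thread; the other two are benign.
SAMPLE_LOG = """\
203.0.113.7 - - [24/May/2012:11:20:01 +0000] "GET /mycode.php?param=-24+UNION+SELECT+0x6d6567613164756d706572,0x6d6567613264756d706572,0x6d6567613364756d706572,0x6d65676131064756d706572 HTTP/1.1" 200 512
198.51.100.9 - - [24/May/2012:11:20:02 +0000] "GET /mycode.php?param=24 HTTP/1.1" 200 512
203.0.113.7 - - [24/May/2012:11:20:03 +0000] "GET /index.php?page=about HTTP/1.1" 200 1024
"""

# Request line inside a Combined/Common log entry: method followed by the path.
REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<path>\S+)')
# The injection pattern the reply points at, matched after URL decoding.
UNION_RE = re.compile(r'\bUNION\s+(?:ALL\s+)?SELECT\b', re.IGNORECASE)
# A MySQL hex string literal such as 0x6d6567613164756d706572.
HEX_RE = re.compile(r'0x([0-9a-fA-F]+)')


def decode_hex_literal(hexdigits):
    """Decode a hex literal to text; returns None if it is not decodable
    (odd digit count, as with the last literal quoted in the thread, or
    non-ASCII bytes)."""
    if len(hexdigits) % 2:
        return None
    try:
        return bytes.fromhex(hexdigits).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None


def analyse_request(path):
    """Return None for a benign request, else a summary of the UNION SELECT
    probe: the decoded request, the number of columns in its select list,
    and the decoded text of each hex literal (None where not decodable)."""
    decoded = unquote_plus(path)          # what PHP's urldecode() would see
    match = UNION_RE.search(decoded)
    if match is None:
        return None
    select_list = decoded[match.end():].strip()
    columns = [c.strip() for c in select_list.split(",") if c.strip()]
    literals = []
    for col in columns:
        hexmatch = HEX_RE.fullmatch(col)
        literals.append(decode_hex_literal(hexmatch.group(1)) if hexmatch else None)
    return {"decoded": decoded, "column_count": len(columns), "literals": literals}


def scan_log(log_text):
    """Run analyse_request over every request line; return (client ip, summary)
    for each hit so the result can be alerted on or correlated by source."""
    hits = []
    for line in log_text.splitlines():
        req = REQUEST_RE.search(line)
        if req is None:
            continue
        summary = analyse_request(req.group("path"))
        if summary is not None:
            hits.append((line.split(" ", 1)[0], summary))
    return hits


if __name__ == "__main__":
    for ip, summary in scan_log(SAMPLE_LOG):
        print(ip, summary["column_count"], "columns:", summary["literals"])
```

The decoded literals are inert marker strings ("mega1dumper", "mega2dumper", ...), which is consistent with the observation that the probe does no visible damage: a UNION must supply as many columns as the original query, and distinctive markers let the scanner tell from the response whether mycode.php reflects an injected result set at all. On the server side the fix is to stop interpolating the parameter into the SQL string and bind it in a prepared statement; on the monitoring side, matching the decoded UNION SELECT pattern as above gives early notice of the scan regardless of whether the local code is vulnerable.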