FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » What is this attack trying to do?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: What is this attack trying to do? [message #178241 is a reply to message #178235] Thu, 24 May 2012 11:34 Go to previous messageGo to previous message
Thomas 'PointedEars'  is currently offline  Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
Senior Member
Robert Heller wrote:

> The Natural Philosopher wrote:
>> GET
>>
mycode.php?param=-24+UNION+SELECT+0x6d6567613164756d706572,0x6d656761326475 6d706572,0x6d6567613364756d706572,0x6d6567613464756d706572,0x6d656761356475 6d706572,0x6d6567613664756d706572,0x6d6567613764756d706572,0x6d656761386475 6d706572,0x6d6567613964756d706572,0x6d65676131064756d706572
>>
>> ???
>>
>> It doesn't do any damage but a botnet has been spraying a site with this.
>
> There is probably some websoftware out there with a mycode.php with some
> sort of security hole and the botnet is poking at every web host it can
> find looking for a hole to crawl in. Botnets are not always smart and
> sometimes just use 'mindless' brute force and keep pounding until
> something gives...

The security hole here probably includes a vulnerability to an SQL
injection attack, as the "UNION SELECT" produced from this query part by
urldecode()d would suggest. A lot of information about this attack can be
found via Google, for example when using "0x6d6567613164756d706572" as
keyword.

<http://php.net/urldecode>


PointedEars
--
> If you get a bunch of authors […] that state the same "best practices"
> in any programming language, then you can bet who is wrong or right...
Not with javascript. Nonsense propagates like wildfire in this field.
-- Richard Cornford, comp.lang.javascript, 2011-11-14
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: How best to print an array to table?
Next Topic: CFP - DEIS2012 - Czech Republic - SDIWC
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 06:41:11 GMT 2024

Total time taken to generate the page: 0.04594 seconds