Kristen (Test, 22859 Posts) - Posted 2006-12-08 : 05:01:28

I've found a SQL Injection attempt trawling through some logs this morning. Sticking "and char(124)+user+char(124)=0;" on the end of the URLs and stuff like that.

Would you do anything about these? (Report to ISP or somesuch, perhaps?)

They have allowed cookies (although they may clear them, of course, but if not they will now have a [persistent] unique-machine cookie, and I'll get an alert if they come back again) ... their user agent is just "Internet Explorer 6.0", so I doubt they are using a real browser.

Kristen
spirit1 (Cybernetic Yak Master, 11752 Posts) - Posted 2006-12-08 : 06:05:13

I personally wouldn't do anything harsh about it. If it continues, then yes. Probably some kid found out about SQL injection and your site looked pretty enough to try it.

Go with the flow & have fun! Else fight the flow
blog thingie: http://weblogs.sqlteam.com/mladenp
Kristen (Test, 22859 Posts) - Posted 2006-12-08 : 06:14:30

Yeah, but I'd like to kick that kid's balls over the fence!
spirit1 (Cybernetic Yak Master, 11752 Posts) - Posted 2006-12-08 : 06:38:10

Why? Because he tried something new once? Come on... remember how you were and those neighbours' fences? Not to mention their daughter that was over the fence.

Go with the flow & have fun! Else fight the flow
blog thingie: http://weblogs.sqlteam.com/mladenp
Kristen (Test, 22859 Posts) - Posted 2006-12-08 : 06:45:36

Yeah, my balls were always on the other side of the fence!

I don't know it was a one-off. He may be hacking all around the world for all I know. Attempted theft, or disrupting a business, is not the sort of thing I classify as a childish prank.

Kristen
spirit1 (Cybernetic Yak Master, 11752 Posts) - Posted 2006-12-08 : 06:51:45

Well, was it a one-off? If it wasn't then report him, but if it was then let it go...

Go with the flow & have fun! Else fight the flow
blog thingie: http://weblogs.sqlteam.com/mladenp
elwoos (Master Smack Fu Yak Hacker, 2052 Posts) - Posted 2006-12-08 : 08:10:13

Kristen

I mostly agree with Spirit here even though this is topical for me too. I (have a friend who) once tried SQL injection, just after learning about it, on some "random" website. Merely to see if it would work. In my (friend's) case it would be much more likely that it would have been reported to the webmaster and any information discovered wouldn't have gone anywhere other than the recycle bin.

Having said that, if there is another attempt that appears to be from the same source then send in the troops and the KGB (Kristen's Guerilla Bot).

steve
-----------
Don't worry head. The computer will do all the thinking from now on.
SwePeso (Patron Saint of Lost Yaks, 30421 Posts) - Posted 2006-12-08 : 08:25:22

I hope all your ASP pages use command objects with parameters to interface with the database?

Peter Larsson
Helsingborg, Sweden
spirit1 (Cybernetic Yak Master, 11752 Posts) - Posted 2006-12-08 : 08:34:22

His command object doesn't interface with the database at all. It's all suggestional.

Go with the flow & have fun! Else fight the flow
blog thingie: http://weblogs.sqlteam.com/mladenp
Kristen (Test, 22859 Posts) - Posted 2006-12-08 : 08:39:22

"I hope all your ASP pages use command objects with parameters to interface with the database?"

Yup, cheers for that Peso, but I haven't got any worries (but no complacency either) about the security aspects.

Kristen
rockmoose (SQL Natt Alfen, 3279 Posts) - Posted 2006-12-08 : 10:19:43

I have seen plenty of attempts at "url-hacking", and I could probably find attempts at sql-injection too. You know, people trying to access http://.../config.asp.old and that kind of stuff.

> "I hope all your ASP pages use command objects with parameters to interface with the database?"

What, there's another way?

rockmoose
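As an added example that is not code from anyone in this thread: a small Python scanner that does what Kristen describes doing by hand in the opening post, decoding W3C/IIS-style request logs and flagging the `char(124)+user+char(124)=0` append, the `config.asp.old` style of file probing rockmoose mentions above, and a user agent of just "Internet Explorer 6.0". The log lines, field layout, IP addresses, rule names and function names are all constructed for the example. `suspicious_ips` returns the addresses that sent an actual probe, the set that deserves the persistent marker Kristen's unique-machine cookie provides so that a return visit raises an alert.

```python
import re
from urllib.parse import unquote_plus

# Constructed W3C/IIS-style log excerpt (not lines from the thread). Fields:
# date time c-ip cs-method cs-uri-stem cs-uri-query cs(User-Agent) sc-status
# IIS writes a space inside a field as '+', so each field is unquote_plus'ed before matching.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query cs(User-Agent) sc-status
2006-12-08 04:55:01 203.0.113.7 GET /product.asp id=17 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1) 200
2006-12-08 04:55:09 203.0.113.7 GET /product.asp id=17+and+char(124)%2Buser%2Bchar(124)=0; Internet+Explorer+6.0 500
2006-12-08 04:55:12 203.0.113.7 GET /config.asp.old - Internet+Explorer+6.0 404
2006-12-08 04:56:30 198.51.100.4 GET /product.asp id=18 Mozilla/5.0+(Windows;+U;+Windows+NT+5.1)+Firefox/2.0 200
"""

# (tag, pattern, decoded field the pattern runs against)
RULES = [
    # The append from the opening post. On SQL Server it makes the engine convert '|' + USER + '|'
    # to int, which fails and echoes the database user name in the error text.
    ("sqli-probe",
     re.compile(r"char\s*\(\s*\d+\s*\)\s*\+\s*user\s*\+\s*char\s*\(\s*\d+\s*\)\s*=", re.I),
     "query"),
    # Requests for leftover copies of server-side source, the config.asp.old style of URL hacking.
    ("backup-file-probe", re.compile(r"\.(?:old|bak|orig|save|swp)$", re.I), "stem"),
    # A UA string with no Mozilla/ product token is a script pretending to be a browser.
    ("bare-user-agent", re.compile(r"^Internet Explorer \d"), "agent"),
]


def parse_line(line):
    """Split one log line into decoded fields; returns None for lines that do not fit the layout."""
    parts = line.split(" ")
    if len(parts) != 8:
        return None
    date, time, ip, method, stem, query, agent, status = parts
    return {
        "when": f"{date} {time}",
        "ip": ip,
        "method": method,
        "stem": unquote_plus(stem),
        "query": "" if query == "-" else unquote_plus(query),
        "agent": unquote_plus(agent),
        "status": int(status),
    }


def classify(entry):
    """Tags from every rule whose pattern matches the entry, in RULES order."""
    return [tag for tag, pattern, field in RULES if pattern.search(entry[field])]


def scan(log_text):
    """All entries that matched at least one rule, each with its tag list attached."""
    hits = []
    for line in log_text.splitlines():
        if not line or line.startswith("#"):        # skip blank lines and W3C directives
            continue
        entry = parse_line(line)
        if entry is None:
            continue
        tags = classify(entry)
        if tags:
            hits.append({**entry, "tags": tags})
    return hits


def suspicious_ips(log_text):
    """Addresses that sent an actual probe (not merely an odd UA): the ones worth a persistent
    marker such as a unique-machine cookie, so that a return visit raises an alert."""
    return {hit["ip"] for hit in scan(log_text)
            if any(tag.endswith("-probe") for tag in hit["tags"])}


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["when"], hit["ip"], hit["stem"], repr(hit["query"]), hit["tags"])
    print("flag:", sorted(suspicious_ips(SAMPLE_LOG)))
```

The decoding step matters more than the patterns: in the raw log the probe reads `char(124)%2Buser%2Bchar(124)`, so a rule written against the undecoded field would miss it. The rules are deliberately narrow and keyed to what this thread saw; a real deployment would grow the list from its own logs.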
blindman (Master Smack Fu Yak Hacker, 2365 Posts) - Posted 2006-12-08 : 10:24:57

"and char(124)+user+char(124)=0;"

What would he gain from that?

STAR SCHEMAS ARE NOT DATA WAREHOUSES!
Kristen (Test, 22859 Posts) - Posted 2006-12-08 : 11:05:19

"What would he gain from that?"

In my case nothing - maybe it was fishing to see what happened. I posted the most benign sample; some of the follow-on stuff might be more rewarding on an unprotected system.

Following on from Spirit1's point:

"probably some kid found out about SQL injection and your site looked pretty enough to try it"

I didn't see anything terribly likely to succeed, but maybe this is a specific set of commands known to cause a specific weakness to fail - for example [hopefully?!] some of our competitor eCommerce packages!

Kristen
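An added example, not code from the thread or from Kristen's site, to put SwePeso's question about parameterised commands and blindman's "what would he gain from that?" side by side. On SQL Server, `char(124)+user+char(124)=0` asks the engine to compare the string `|` + USER + `|` with an integer; the implicit nvarchar-to-int conversion fails, and the error message quotes the string it could not convert, so a page that builds SQL by concatenation and echoes database errors hands back the database user name and confirms the parameter is injectable. The script below uses Python's sqlite3 so it runs anywhere, which means the probe does not leak a user name here; what it does show is the part that matters: with concatenation the appended text reaches the SQL parser (sqlite tries to resolve `user` as a column and raises an error), while with a bound parameter the whole string is compared as one value that matches no row. The table, column and function names are made up for the example.

```python
import sqlite3

# The append from the logs, as it reads after URL decoding. On SQL Server the failed
# nvarchar-to-int conversion reports the string being converted, i.e. '|' + USER + '|'.
PROBE = "17 and char(124)+user+char(124)=0;"


def make_db():
    """In-memory stand-in for the table behind a page such as product.asp?id=17 (made up)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?)", [(17, "widget"), (18, "gadget")])
    return conn


def lookup_concat(conn, product_id):
    """The pattern SwePeso is asking about: the request value is pasted into the SQL text,
    so whatever follows the number is parsed as SQL, not treated as data."""
    sql = "SELECT name FROM product WHERE id = " + product_id
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, product_id):
    """Command object with parameters: the SQL text is fixed and the value is bound separately,
    so the probe is compared as one opaque string and never reaches the parser."""
    sql = "SELECT name FROM product WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (product_id,))]


def probe_outcome(conn, lookup):
    """Run one lookup with the probe and report what an attacker watching the page would see."""
    try:
        return ("rows", lookup(conn, PROBE))
    except sqlite3.OperationalError as exc:
        # A database error reaching the caller is exactly the signal the probe is fishing for.
        return ("error", str(exc))


if __name__ == "__main__":
    db = make_db()
    print("concat, benign :", lookup_concat(db, "17"))
    print("param,  benign :", lookup_param(db, "17"))
    print("concat, probe  :", probe_outcome(db, lookup_concat))
    print("param,  probe  :", probe_outcome(db, lookup_param))
```

Both lookups behave identically for the legitimate value `17`; only the probe tells them apart, and the concatenated version gives that away through its error. Suppressing the error text on the page hides the user name but not the injection, since the attacker can still distinguish "error" from "rows"; the parameterised version is the fix.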