
[SQL] SQL injection attack. Best possible defense review

Discussion in 'Other Languages' started by Stack, October 17, 2024 at 12:32.

  Stack (Participative Member)

    For the last few days my logs have been revealing an attack on my system. I don't know what they are trying to accomplish. They seem to be attacking my style sheets only, with GETs and POSTs to them.

    The queries they are running are variations of this: ' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# %' ORDER BY 9978# %' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

    Should I be concerned? What are they trying to access? How can I stop them from accessing whatever they are looking for? (I have prepared statements, so I am not too worried, but I still just want to know so I can build the best defense possible.) Thank you in advance.

    Log file:

    GET /styles.css?ts=1642369117%27%20ORDER%20BY%201%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20ORDER%20BY%201%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20ORDER%20BY%208912%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20ORDER%20BY%208912%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%201%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%201%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%209978%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%209978%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
    GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0

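As an added example (not code from the original post), the following Python script URL-decodes request lines like the ones logged above and classifies the two probe shapes they contain: `' ORDER BY n#` and `' UNION ALL SELECT NULL,...#`, with and without the `%` LIKE wildcard before the quote. The sample log is a constructed subset of the lines quoted in the post plus two benign requests; the regular expressions, and the reading that this is an automated UNION column-count enumeration, are the editor's assumptions, not statements from the post.

```python
"""Classify SQL-injection probes in web-server request lines.

Added example, not code from the original post.  SAMPLE_LOG is a
constructed subset of the request lines quoted in the post; the regular
expressions describe what an automated UNION column-count enumeration
looks like and are the editor's assumption, not something the post states.
"""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: a few of the logged requests, plus two benign ones.
SAMPLE_LOG = """\
GET /styles.css?ts=1642369117%27%20ORDER%20BY%201%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20ORDER%20BY%208912%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117 HTTP/1.1
GET /index.php?id=7 HTTP/1.1
"""

# A quote closing the injected string (optionally preceded by a LIKE '%'
# wildcard), then either ORDER BY <n> or UNION [ALL] SELECT NULL,...,
# ended by '#', which starts a comment in MySQL and swallows the rest of
# the original query.
ORDER_BY_PROBE = re.compile(r"%?'\s*ORDER\s+BY\s+(\d+)\s*#", re.IGNORECASE)
UNION_NULL_PROBE = re.compile(
    r"%?'\s*UNION\s+(?:ALL\s+)?SELECT\s+((?:NULL\s*,\s*)*NULL)\s*#", re.IGNORECASE
)


def classify(value):
    """Classify one URL-decoded parameter value.

    Returns ("order_by", n) for an ORDER BY n probe, ("union", k) for a
    UNION SELECT with k NULL columns, or None for a value that matches
    neither pattern.
    """
    m = ORDER_BY_PROBE.search(value)
    if m:
        return ("order_by", int(m.group(1)))
    m = UNION_NULL_PROBE.search(value)
    if m:
        return ("union", m.group(1).upper().count("NULL"))
    return None


def analyze(log_text):
    """Group probes by (method, path, parameter).

    For each target returns the ORDER BY values tried, the set of column
    counts tried with UNION SELECT NULL,..., and whether any payload also
    closed a LIKE '%...' pattern (the %' variant).
    """
    findings = {}
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        method, target = parts[0], urlsplit(parts[1])
        for name, values in parse_qs(target.query, keep_blank_values=True).items():
            for value in values:
                hit = classify(value)
                if hit is None:
                    continue
                entry = findings.setdefault(
                    (method, target.path, name),
                    {"order_by": [], "union_cols": set(), "like_wildcard": False},
                )
                kind, n = hit
                if kind == "order_by":
                    entry["order_by"].append(n)
                else:
                    entry["union_cols"].add(n)
                if "%'" in value:
                    entry["like_wildcard"] = True
    return findings


def report(findings):
    """Render findings as one line per attacked parameter."""
    lines = []
    for (method, path, name), e in findings.items():
        cols = ",".join(str(c) for c in sorted(e["union_cols"])) or "-"
        lines.append(
            f"{method} {path} param={name}: ORDER BY tried {e['order_by']}, "
            f"UNION column counts tried {cols}, LIKE-wildcard variant={e['like_wildcard']}"
        )
    return lines


if __name__ == "__main__":
    for line in report(analyze(SAMPLE_LOG)):
        print(line)
```

The sequence the script recovers (ORDER BY 1, then a very large ORDER BY to force an error, then UNION ALL SELECT NULL with one to ten columns) is how a scanner determines how many columns the original query returns before it can substitute real column names for the NULLs. A scanner fires this at every parameter it sees, so a cache-busting `ts` on a stylesheet gets probed whether or not it ever reaches a database; where it does reach one through a prepared statement, the quote never terminates the string and the probe fails. Grouping by `(method, path, parameter)` as above is also the shape you want for a rate-limit or block rule.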
