3

Possible Duplicate:
Site has been hacked via SQL Injection

Looks like one of my websites had a hacker attempt on it, my reports showed the following querystring data attempted:

QUERY_STRING = ID=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-

It failed because any integer parameter I always cast to an integer so you get mismatch errors if anything like this is tried (classic ASP). But I'm confused what the query above is attempting? It doesn't look like anything I've seen before.

Community
  • 1
  • 1
Tom Gullen
  • 61,249
  • 84
  • 283
  • 456

1 Answers1

4

take a look at: Site has been hacked via SQL Injection

at a first look a guess it was some automatic tool doing some blind sql injection.

Community
  • 1
  • 1
Rui Lima
  • 7,185
  • 4
  • 31
  • 42
  • 3
    You'd normally vote as "close as duplicate" or flag it, but I see you don't have enough reputation – gbn Jul 11 '11 at 09:12
  • You have enough to "flag" now :-) – gbn Jul 11 '11 at 09:28
  • But do you really think that I should flag it?! I don't want to do it. Flag is just a bad word :p – Rui Lima Jul 11 '11 at 10:40
  • 1
    @Rui Lima: I'm sure @gbn was talking about 'flagging' in a broader sense. He meant voting for closing the question, undoubtedly. (Just wanted to clarify it.) – Andriy M Jul 11 '11 at 12:32