Re: Interpreting a GET

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Re: Interpreting a GET
From: Sergei <sergei.franco@xxxxxxxxx>
Date: Tue, 26 Aug 2014 09:04:48 +1200
In-reply-to: <1B0DC67A-BEA6-4CCC-9486-9AD014562929@GilDawson.com>
Reply-to: users@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.8.1.24) Gecko/20100317 Thunderbird/2.0.0.24 Mnenhy/0.7.5.0

It is an attempt at SQL injection.

Sergei.

On 26/08/14 08:52, Gil Dawson wrote:

This critter appears in my log sometimes:

113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET /?C=D;O=A'+union+select+char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+ HTTP/1.1" 200 5630

Apache apparently understands it (and returns 200 5630). I didn't find "char(" in RFC2616 nor a Google Search of the Apache documentation.

Any idea what it is?

--Gil

References:
- AJP Errors?
  - From: Smith, Burton
- Interpreting a GET
  - From: Gil Dawson

Prev by Date: Interpreting a GET
Next by Date: can't start server after adding coldfusion
Previous by thread: Interpreting a GET
Next by thread: Re: AJP Errors?
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]