On 21/06/15 18:55, Richard wrote: >>> OK - this had no chance of success since publish_date_desc is >>> >> processed using the _desc ( or _asc ) and any invalid data >>> >> stripped >>> >> >>> >> >>> >> &sort_mode=publish_date_desc%20or%20(1,2)=(select*from(select%20n >>> >> ame_const(CHAR(111,108,111,108,111,115,104,101,114),1),name_const >>> >> (CHAR(111,108,111,108,111,115,104,101,114),1))a)%20--%20and%201%3 >>> >> D1 >>> >> >>> >> The question is more of interest in just what it was trying to >>> >> achieve? I presume hack MySQL? So Firebird would barf anyway, but >>> >> just trying to something that has generated some several hundred >>> >> error log entries in the last two days ... >>> >> >>> >> Lester Caine - G8HFL >>> >> >>> >> >> > The sub-query is invalid, if valid it would've been equivalent to: >> > or (1,2)=(select*from(select 'b2xvbG9zaGVy' as 1, 'b2xvbG9zaGVy' >> > as 1))a) -- and 1=1 >> > >> > Seems non threatening to me. > Regardless of whether this specific attack could have resulted in > harmful sql injection or not, user input should be sanitized so that > things never get this far. ? That is taken direct off the URL! Sod all I can do to prevent it, but I was simply asking if I was missing something as it did not make any sense? It got no further than the error log but as I said several hundred attempts via a few different filter options all of which suggested something that was expected to work if the site was a vulnerable mysql powered site ... which it's not. Seems that is just a pointless URL rather than some recently identified potential vulnerability? -- Lester Caine - G8HFL ----------------------------- Contact - http://lsces.co.uk/wiki/?page=contact L.S.Caine Electronic Services - http://lsces.co.uk EnquirySolve - http://enquirysolve.com/ Model Engineers Digital Workshop - http://medw.co.uk Rainbow Digital Media - http://rainbowdigitalmedia.co.uk -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
