Lester Caine lester@lsces.co.uk [firebird-support]
2014-09-20 08:22:45 UTC
One of my sites is being hit with an attempt to hack into it or at least
that is what I assume. The following SQL is being added where they think
it will get processed
+AND+(SELECT+8041+FROM(SELECT+COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT+(CASE+WHEN+(8041%3D8041)+THEN+1+ELSE+0+END)),0x3a70687a3a,floor(rand(0)%2A2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)+AND+(7609%3D7609
---probably truncated?----
I can see traffic about INFORMATION_SCHEMA.CHARACTER_SETS being missing
and people needing to update to MySQL 5, but I am a little curious as to
what this is trying to achieve?
Needless to say my framework does not allow any injections like this to
be processed anyway. It's just creating a lot of traffic on the error
log and if it persists I'll add some handling and create a page saying
why Firebird does not suffer from that vulnerability ;)
--
Lester Caine - G8HFL
-----------------------------
Contact - http://lsces.co.uk/wiki/?page=contact
L.S.Caine Electronic Services - http://lsces.co.uk
EnquirySolve - http://enquirysolve.com/
Model Engineers Digital Workshop - http://medw.co.uk
Rainbow Digital Media - http://rainbowdigitalmedia.co.uk
------------------------------------
Posted by: Lester Caine <***@lsces.co.uk>
------------------------------------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Visit http://www.firebirdsql.org and click the Documentation item
on the main (top) menu. Try FAQ and other links from the left-side menu there.
Also search the knowledgebases at http://www.ibphoenix.com/resources/documents/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
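Added example, not part of the original post: a small Python triage helper that URL-decodes the logged string quoted above, renders its 0x literals as text, and flags the constructs it contains. The function names and feature labels are this example's own; the sample input is the string as quoted in the post.

```python
import re
from urllib.parse import unquote_plus

# Sample input: the query-string fragment exactly as quoted in the post above.
LOGGED = "+AND+(SELECT+8041+FROM(SELECT+COUNT(%2A),CONCAT(0x3a6f79753a,(SELECT+(CASE+WHEN+(8041%3D8041)+THEN+1+ELSE+0+END)),0x3a70687a3a,floor(rand(0)%2A2))x+FROM+INFORMATION_SCHEMA.CHARACTER_SETS+GROUP+BY+x)a)+AND+(7609%3D7609"

# MySQL-style hex string literal: 0x followed by whole bytes.
HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")

# Constructs worth flagging during log review (labels are this example's own).
FEATURES = {
    "nested_select": re.compile(r"\(\s*select\b", re.I),
    "information_schema": re.compile(r"\binformation_schema\.", re.I),
    "rand_group_by": re.compile(r"floor\s*\(\s*rand\s*\(.*group\s+by", re.I | re.S),
    "tautology": re.compile(r"\b(\d+)\s*=\s*\1\b"),
}


def decode(raw):
    """URL-decode a logged parameter: '+' becomes a space, %XX becomes a character."""
    return unquote_plus(raw)


def hex_markers(sql):
    """Return every 0x... literal in the decoded text, rendered as a string."""
    return [bytes.fromhex(m.group(1)).decode("latin-1")
            for m in HEX_LITERAL.finditer(sql)]


def classify(raw):
    """Decode one logged value and report its markers and flagged constructs."""
    sql = decode(raw)
    hits = sorted(name for name, rx in FEATURES.items() if rx.search(sql))
    return {"decoded": sql, "markers": hex_markers(sql), "features": hits}


if __name__ == "__main__":
    report = classify(LOGGED)
    print(report["decoded"])
    print("markers: ", report["markers"])
    print("features:", report["features"])
```

Decoded, the two hex literals are the delimiters :oyu: and :phz: wrapped around the result of the CASE expression. The COUNT(*) ... GROUP BY floor(rand(0)*2) construct is a known MySQL error-based probe whose delimited value would show up in a database error message only if the input reached a MySQL query unparameterised.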