httpd-users mailing list archives

From Sergei <sergei.fra...@gmail.com>
Subject Re: [users@httpd] Interpreting a GET
Date Mon, 25 Aug 2014 21:04:48 GMT
It is an attempt at SQL injection.

Sergei.

On 26/08/14 08:52, Gil Dawson wrote:
> This critter appears in my log sometimes:
>
>     113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET
>     /?C=D;O=A'+union+select+char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+
>     HTTP/1.1" 200 5630
>
>
> Apache apparently understands it (and returns 200 5630).  I didn't 
> find "char(" in RFC2616 nor a Google Search of the Apache 
> documentation <http://httpd.apache.org/docs/2.2/>.
>
> Any idea what it is?
>
> --Gil
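
An added example (not part of the original messages): a Python sketch that parses an access-log line of this shape, URL-decodes the query string, and reports the SQL constructs it contains, including the text each `char(...)` call spells out. The sample line is constructed from the one quoted above, shortened to three columns and given a documentation IP address; the function and field names are this example's own.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: same shape as the request quoted above, shortened to
# three char() columns; 192.0.2.10 is a documentation address.
SAMPLE = ('192.0.2.10 - - [24/Aug/2014:00:29:49 -0700] '
          '"GET /?C=D;O=A\'+union+select+char(38,126,33),char(38,126,33),'
          'char(38,126,33)+--+ HTTP/1.1" 200 5630')

# Common Log Format: host ident user [time] "request" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')
CHAR_CALL = re.compile(r'char\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)', re.I)
UNION_SELECT = re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S)


def analyse(line):
    """Return a dict describing the request, or None if the line is not CLF."""
    m = CLF.match(line.strip())
    if not m:
        return None
    host, when, request, status, size = m.groups()
    parts = request.split(" ")
    # Request line is METHOD TARGET PROTOCOL; take everything between the
    # first and last space in case the target itself contains spaces.
    target = " ".join(parts[1:-1]) if len(parts) >= 3 else request
    query = target.partition("?")[2]
    decoded = unquote_plus(query)          # '+' -> space, %xx -> character
    markers = []
    for call in CHAR_CALL.finditer(decoded):
        codes = [int(c) for c in call.group(1).split(",")]
        markers.append("".join(chr(c) for c in codes if c < 0x110000))
    return {
        "host": host,
        "status": int(status),
        "decoded_query": decoded,
        "union_select": bool(UNION_SELECT.search(decoded)),
        "unbalanced_quote": decoded.count("'") % 2 == 1,
        "char_columns": len(markers),
        "char_decoded": sorted(set(markers)),
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, every `char(38,126,33)` decodes to the same three characters, `&~!`.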

