SQL injection, how it works

I looked through the logs and found SQL injection. It looks like it's being used a lot, but I really don't understand how it works. I tried to represent it in the form they provided, but nothing happens.

Injection string:

(select(0)from(select(sleep(0)))v)/*''+(select(0)from(select(sleep(0)))v)+''"+(select(0)from(select(sleep(0)))v)+"*/

      

I can't understand how they introduced it. Didn't affect the server, what can I say. They received no data. But I still want to know how they did it.

+3




1 answer


This is a vulnerability test. This is one of the easiest and safest ways to find out if your server is vulnerable to SQL injection - and more importantly, it doesn't need any attention from a potential attacker! You can use a method like this to automatically test sites for SQL injection vulnerabilities - in which case that means a potential attacker can run any query or command, you don't seem to have any receipts. Needless to say, this is bad.

You should think that your server has been hacked - it is probably now on the list of users pending further exploitation. Fix the problem as soon as possible and ideally fix it completely if the actual fix takes some time.



The idea is that the vulnerable server will react differently to the request with different argument values for sleep - this means that it is very easy to automatically go through all possible inputs (remember that even things like hidden fields and dropdowns can be changed at will) and find out if any of them are vulnerable. When this works, you can enter a malicious request / command right away, or continue to use sleep to get information directly - especially useful when there is no data that you could do from the outside by modifying the vulnerable request. Through a series of yes-no questions (based on a simple if(whatever, sleep(5), 0)), you can determine enough to push your attack further.

+4
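
For finding this kind of timing probe in your own logs, here is an added example (not part of the original question or answer): a Python scan of access-log lines that URL-decodes each query parameter and reports which client probed which parameter with a delay call. The log lines, addresses and paths are constructed sample data, and the pattern assumes the delay primitives of MySQL (sleep, benchmark), PostgreSQL (pg_sleep) and SQL Server (WAITFOR DELAY).

```python
import re
from collections import defaultdict
from urllib.parse import parse_qsl, urlsplit

# A delay function must be followed by "(" so that ordinary words such as
# "sleep" in a search term are not flagged.
DELAY_CALL = re.compile(
    r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.IGNORECASE)

# Client address and request target of a common/combined-format log line.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log (documentation-range addresses, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /item?id=%28select%280%29from%28select%28sleep%280%29%29%29v%29 HTTP/1.1" 200 512
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /search?q=%28select%280%29from%28select%28sleep%286%29%29%29v%29 HTTP/1.1" 200 498
198.51.100.4 - - [10/Oct/2023:13:56:02 +0000] "GET /item?id=42 HTTP/1.1" 200 2048
198.51.100.4 - - [10/Oct/2023:13:56:09 +0000] "GET /search?q=sleep+apnea+pillow HTTP/1.1" 200 1733
"""


def find_timing_probes(log_text):
    """Return {client_ip: sorted [(path, parameter), ...]} for every query
    parameter whose decoded value contains a database delay call."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line we can parse
        url = urlsplit(m.group("target"))
        # parse_qsl undoes percent-encoding, so %28sleep%28 becomes (sleep(
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if DELAY_CALL.search(value):
                hits[m.group("ip")].add((url.path, name))
    return {ip: sorted(params) for ip, params in hits.items()}


if __name__ == "__main__":
    for ip, params in find_timing_probes(SAMPLE_LOG).items():
        for path, name in params:
            print(f"{ip} probed parameter {name!r} on {path}")
```

Every parameter this reports is an input to check for string-built SQL and move to bound parameters. Standard access logs do not record POST bodies, so probes sent through form fields only show up in application- or WAF-level logging.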

