The Cache: Technology Expert's Forum

Topic: SQL injection? (Read 5805 times)
dee (Journeyman)
« on: March 31, 2012, 04:25:26 AM »

Hi all

I've just been checking through stats on a WordPress site and I see lots of hits with get/post in the URL. I've read a little bit about SQL injection attacks. Is this what someone's trying to do? The hits look like this (hope it's cool to post this):

+%5BPLM=0%5D+GET+http: **site url**/+%5B0,15488,29548%5D+-%3E+%5BN%5D+POST+http **site url /+%5B0,0,31772%5D

There are quite a few. Obviously it's probably something I should be worried about. What's the best thing to do to deal with it? I don't have admin access to the server. If someone can be arsed explaining what's going on I'd appreciate it.
perkiset (Olde World Hacker, Administrator)
« Reply #1 on: March 31, 2012, 08:59:47 AM »

I'm not an injectionboi or scriptkiddy, so I can't even read that.

But cursorily, the get/post reference makes me think someone is using you as a proxy more than someone injecting. It strikes me that we'd see more SQL keywords if they were trying to plumb your DB. And really, you probably are not sexy enough (as a site mate, as a site) to attract that sort of attack. You're probably more useful as a platform to do other things.

I'm going to look at this for a while though because it's piqued my curiosity .... Especially since I've been thinking about getting my blog back up and running.

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
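An added example, not from this thread or any of its participants: a small Python script that percent-decodes the fragment dee posted and applies the two checks perkiset's reply hints at. It looks for SQL keywords together with SQL syntax on one hand, and for an HTTP method followed by an absolute URL (the shape of a request sent to a forward proxy) on the other. The placeholder host example.invalid, the two extra comparison lines, and the keyword and syntax lists are constructed assumptions, not anything from the original log.

```python
import re
from urllib.parse import unquote_plus

# The fragment posted in the thread, with the redacted **site url** replaced by
# the placeholder host example.invalid (an assumption, not the real site).
SAMPLE_HIT = (
    "+%5BPLM=0%5D+GET+http://example.invalid/+%5B0,15488,29548%5D"
    "+-%3E+%5BN%5D+POST+http://example.invalid/+%5B0,0,31772%5D"
)

# Constructed comparison lines: one classic SQL injection probe, one ordinary page hit.
SAMPLE_LINES = [
    SAMPLE_HIT,
    "/?id=1%27+UNION+SELECT+1,2,3--",
    "/about/",
]

# SQL keywords a database probe would normally carry, plus the syntax that usually
# accompanies them (quote, comment markers, statement separator). Requiring both
# keeps a page about "select" or "update" from tripping the rule on its own.
SQL_KEYWORDS = re.compile(
    r"\b(union|select|insert|update|delete|drop|sleep|benchmark|information_schema)\b",
    re.IGNORECASE,
)
SQL_SYNTAX = re.compile(r"('|--|/\*|;)")

# An HTTP method followed by an absolute URI is how a client talks to a forward
# proxy; seeing it in a normal site's query log suggests someone is testing whether
# the site will relay requests, not probing its database.
PROXY_SHAPE = re.compile(r"\b(GET|POST|HEAD|CONNECT)\s+https?://", re.IGNORECASE)


def decode(fragment: str) -> str:
    """Percent-decode a query fragment, treating '+' as a space (form encoding)."""
    return unquote_plus(fragment)


def classify(fragment: str) -> str:
    """Return 'sqli-probe', 'proxy-probe' or 'benign' for one logged request fragment."""
    text = decode(fragment)
    if SQL_KEYWORDS.search(text) and SQL_SYNTAX.search(text):
        return "sqli-probe"
    if PROXY_SHAPE.search(text):
        return "proxy-probe"
    return "benign"


def summarize(fragments):
    """Count fragments per class, the way a quick pass over a stats export would."""
    counts = {"sqli-probe": 0, "proxy-probe": 0, "benign": 0}
    for fragment in fragments:
        counts[classify(fragment)] += 1
    return counts


if __name__ == "__main__":
    # Decoded, the posted fragment reads "[PLM=0] GET http://.../ [...] -> [N] POST http://.../ [...]":
    # request methods with absolute URLs and no SQL in sight.
    print(decode(SAMPLE_HIT))
    for line in SAMPLE_LINES:
        print(f"{classify(line):12s} {decode(line)}")
    print(summarize(SAMPLE_LINES))
```

Run it over an exported list of request fragments instead of SAMPLE_LINES to get the same split for a whole log; the point of the two-part SQL rule is that a keyword alone is a weak signal, while keyword plus quote or comment marker is the combination a real database probe almost always carries.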
perkiset (Olde World Hacker, Administrator)
« Reply #2 on: March 31, 2012, 09:03:19 AM »

Looking for fragments of that line shows it in guest books from some sites, some forums and such. Think I might just take a walk through my logs as well.

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
dee (Journeyman)
« Reply #3 on: March 31, 2012, 10:11:54 AM »

Thanks Perk. Agreed the site is prolly not sexy enough for someone to waste time on. None of mine are, unfortunately, ha ha. Violin

So were they trying to get a script in to bounce off of then as a proxy? Or just run using my resources to do nefarious stuff?
perkiset (Olde World Hacker, Administrator)
« Reply #4 on: March 31, 2012, 01:47:16 PM »

Dunno yet

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.
Bompa (Administrator)
« Reply #5 on: March 31, 2012, 05:22:50 PM »

A few months back I read about a new plugin for wp that allows the blog to act as a web proxy. I don't remember its name.

Bompa

"The most beautiful and profound emotion we can experience is the sensation of the mystical..." - Albert Einstein
mightycitizen (Rookie)
« Reply #6 on: April 01, 2012, 02:30:34 AM »

Quote from Bompa: A few months back I read about a new plugin for wp that allows the blog to act as a web proxy. I don't remember its name.

repress ?

http://wordpress.org/extend/plugins/repress/

No links in signatures please
dee (Journeyman)
« Reply #7 on: April 01, 2012, 03:41:36 AM »

Certainly not something I have installed myself. I've had a quick scan on the server and nothing seems to have been modified at least. There's also been nothing again since yesterday. Guess it must have been someone having a pop. Although, as perk mentioned, they must have been seriously bored, as the site is certainly not worth sweating over.

It's feasible that, as the content is 'self helping', one of the generating plugs is doing something, although I suspect that would have come up somewhere and I've scanned the code. I think I know just about enough to spot any weird phone-home stuff or such dodginess. They are all pretty common until I'm capable of home grown. I've searched various places and it's not a complaint anyone else has mentioned.

Oh well...
« Last Edit: April 01, 2012, 03:57:09 AM by dee »
perkiset (Olde World Hacker, Administrator)
« Reply #8 on: April 01, 2012, 09:26:26 AM »

I saw it applied against forums, BBs, WordPress... I don't think it's something like that; I definitely think something's funky. Can't tell if it's doing what it's intended to, only that it's being tried.

It is now believed, that after having lived in one compound with 3 wives and never leaving the house for 5 years, Bin Laden called the U.S. Navy Seals himself.