[CentOS] C5 MySQL injection attack ("Union Select")
Always Learning
centos at u64.u22.netThu Mar 24 03:21:03 UTC 2016
- Previous message: [CentOS] Centos in the Browser string ?
- Next message: [CentOS] C5 MySQL injection attack ("Union Select")
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
mysql Ver 14.12 Distrib 5.0.95, for redhat-linux-gnu (x86_64) using readline 5.1 I spotted something strange and immediately installed a routine to automatically impose an iptables block when the key used for database access is excessively long. My URL was something like this ...../...../.....php?key=123456 The injection was something like this ...../...../.....php?key=876711111111111111111111111111' UNION SELECT 13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%" -- /* order by 'as There are no user permission on information_schema. There seems to be 2 versions of the coding floating around on Austrian and Russian IPs. One is ineffective but the other works. It seems the author is expert in the intricate structure and design of SQL. -- Regards, Paul. England, EU. England's place is in the European Union.
- Previous message: [CentOS] Centos in the Browser string ?
- Next message: [CentOS] C5 MySQL injection attack ("Union Select")
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list