On Thu, November 19, 2009 09:47, James Coffman wrote:

> Hello all,
>
> My website has been hacked using a url such as:
> -1%20union%20all%20select%201,2,concat(username,char(58),password),4,5,6%20from%20users-- .
>
> I have been searching on the web for a solution/fix to this issue and I
> cannot seem to find one. The command above is showing all usernames and
> passwords (in hashes) and I am not comfortable with that at all! Is there
> anyone out there that may be able to help or may be able to point me in the
> direction that I need to go in order to correct this issue?

Looks like a SQL injection attack. You should always filter any input from the web to accept only those characters and conditions which are reasonable for that list.
In Perl you should also either $dbh->quote($inputString) or use the '?' placeholder mechanism.

For example, if I'm expecting a page number (or other whole number) from form variable PAGEID, I do something like this:

    ($pid) = $q->param('PAGEID') =~ /(\d+)/;

Basically it will only accept 0-9s as input.

Hope this helps.

How do you have your database server set up? How are the commands being passed to the database?

SOURCE IP FROM HEADER:
************************************************
*Please block this account's access to the     *
*internet until it's cleaned up. We are basing *
*this on an analysis of the header NOT the FROM*
*address.                                      *
************************************************

------
William R. Mussatto
Systems Engineer
http://www.csz.com
909-920-9154

--
MySQL General Mailing List
For list archives: http://lists.mysql.com/mysql
To unsubscribe: http://lists.mysql.com/mysql?unsub=arch...@jab.org
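The two defences in the reply (whitelisting PAGEID down to a run of digits, then binding it with a '?' placeholder) shown beside the interpolated query that lets the UNION through. This is an added example written in Python against an in-memory SQLite database rather than Perl/MySQL, not code from the thread; the table layout, the sample rows and the rewrite of the URL's concat()/char(58) as SQLite's || are assumptions.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the site's MySQL "users" and "pages" tables.
# The password values are made-up hex strings, not real hashes.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "alice", "0123abcd"), (2, "bob", "4567ef01")])
    db.execute("CREATE TABLE pages (id INTEGER, title TEXT, body TEXT, "
               "c4 TEXT, c5 TEXT, c6 TEXT)")
    db.execute("INSERT INTO pages VALUES (1, 'Home', 'Welcome', '', '', '')")
    return db

# The PAGEID value from the post, URL-decoded, with MySQL's concat(username,
# char(58), password) written as SQLite's || so the same six-column UNION runs here.
PAYLOAD = "-1 union all select 1,2,username||':'||password,4,5,6 from users--"

def lookup_page_unsafe(db, page_id):
    """Interpolates the raw form value into the SQL: the bug in the original post."""
    sql = "SELECT id, title, body, c4, c5, c6 FROM pages WHERE id = " + page_id
    return db.execute(sql).fetchall()

def validate_page_id(page_id):
    """Whitelist like the Perl ($pid) = ... =~ /(\\d+)/: keep only the first digit run."""
    m = re.search(r"(\d+)", page_id)
    if m is None:
        raise ValueError("PAGEID must contain a whole number")
    return int(m.group(1))

def lookup_page_safe(db, page_id):
    """Whitelist the value, then bind it with a '?' placeholder; never interpolate."""
    pid = validate_page_id(page_id)
    sql = "SELECT id, title, body, c4, c5, c6 FROM pages WHERE id = ?"
    return db.execute(sql, (pid,)).fetchall()

def leaked_credentials(rows):
    """Values in the 'body' column that actually came from users via the UNION."""
    return sorted(r[2] for r in rows if ":" in str(r[2]))

if __name__ == "__main__":
    db = make_db()
    print("unsafe:", leaked_credentials(lookup_page_unsafe(db, PAYLOAD)))
    print("safe:  ", lookup_page_safe(db, PAYLOAD))
```

With the whitelist applied, the same injected value collapses to page id 1 and the bound query returns only the Home row.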