It is an attempt at SQL injection.

Sergei.

On 26/08/14 08:52, Gil Dawson wrote:
This critter appears in my log sometimes:

    113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET
    
/?C=D;O=A'+union+select+char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+
    HTTP/1.1" 200 5630


Apache apparently understands it (and returns 200 5630). I didn't find "char(" in RFC2616 nor a Google Search of the Apache documentation <http://httpd.apache.org/docs/2.2/>.

Any idea what it is?

--Gil
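
A log-triage sketch for requests like the one quoted above, as an added example that is not part of the original thread: it parses an Apache access-log line, URL-decodes the query string, and reports which SQL injection markers it contains and what the `char(...)` list spells. The rule set, function names and the second (benign) log line are assumptions made for this example.

```python
import re
from urllib.parse import unquote_plus

# host ident user [time] "METHOD target PROTO" status bytes
LOG_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?:\d+|-)')
CHAR_RE = re.compile(r"\bchar\s*\(\s*(\d+(?:\s*,\s*\d+)*)\s*\)", re.I)
RULES = {  # assumed heuristic rule set, not exhaustive
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    "char_function": CHAR_RE,
    "quote_break": re.compile(r"'\s*(?:union|or|and)\b|'\s*;", re.I),
    "trailing_comment": re.compile(r"(?:--|#|/\*)\s*$"),
}

def decode(value, rounds=3):
    """URL-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        nxt = unquote_plus(value)
        if nxt == value:
            break
        value = nxt
    return value

def inspect_line(line):
    """Return host, status, matched rule names and the decoded char() marker."""
    m = LOG_RE.match(line)
    if m is None:
        return None  # not an access-log line in the expected format
    query = decode(m["target"].partition("?")[2])
    calls = CHAR_RE.findall(query)
    # char(38,126,33) is a SQL expression for the three-character string "&~!"
    marker = "".join(chr(int(n)) for n in calls[0].split(",")) if calls else ""
    return {"host": m["host"], "status": int(m["status"]),
            "hits": sorted(n for n, rx in RULES.items() if rx.search(query)),
            "char_calls": len(calls), "marker": marker}

# The request from the thread, rebuilt from its 30 repeated char() columns.
PAGE_LINE = ('113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET /?C=D;O=A\'+union+select+'
             + ",".join(["char(38,126,33)"] * 30) + '+--+ HTTP/1.1" 200 5630')
# Constructed benign request for comparison (documentation address).
BENIGN_LINE = '192.0.2.10 - - [24/Aug/2014:00:30:02 -0700] "GET /?C=D;O=A HTTP/1.1" 200 5630'

if __name__ == "__main__":
    for sample in (PAGE_LINE, BENIGN_LINE):
        print(inspect_line(sample))
```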
