1 year ago

#338377


James

SQL injection attack. Best possible defense review

For the last few days my logs have been revealing an attack on my system. I don't know what they are trying to accomplish. They seem to be attacking my style sheets only, with GETs and POSTs to them.

The queries they are running are variations of this:

' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#
%' ORDER BY 9978#
%' UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#

Should I be concerned? What are they trying to access? How can I stop them from accessing whatever they are looking for? (I have prepared statements, so I am not too worried, but I still just want to know so I can build the best defense possible.) Thank you in advance.

Log file:

GET /styles.css?ts=1642369117%27%20ORDER%20BY%201%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20ORDER%20BY%201%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20ORDER%20BY%208912%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20ORDER%20BY%208912%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%201%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%201%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%209978%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%209978%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0

Tags: sql, code-injection, server-side-attacks
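The requests in the log are column-count enumeration probes of the kind an automated SQL injection scanner sends to every parameter it sees, whether or not the server ever uses that parameter in a query: ORDER BY n (which errors once n exceeds the column count of the original SELECT, so 1 is expected to succeed and 8912 or 9978 to fail) and UNION ALL SELECT NULL,NULL,... with a growing list of NULLs (which only succeeds when the NULL count matches), each sent once with a plain ' prefix (string context) and once with %' (LIKE '...%' context), and terminated with #, the MySQL/MariaDB end-of-line comment. The following Python script is an added example, not part of the original post: it percent-decodes request lines of the same shape as the poster's log, classifies each probe, and summarises per path and parameter what was tried. The SAMPLE_LOG lines are constructed for the example to match that shape.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample in the same shape as the poster's access-log lines
# (method, request target, protocol). The last two lines are benign and
# must not be flagged.
SAMPLE_LOG = """\
GET /styles.css?ts=1642369117%27%20ORDER%20BY%201%23 HTTP/1.0
GET /styles.css?ts=1642369117%27%20ORDER%20BY%208912%23 HTTP/1.1
GET /styles.css?ts=1642369117%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%23 HTTP/1.1
GET /styles.css?ts=1642369117%25%27%20ORDER%20BY%209978%23 HTTP/1.0
GET /styles.css?ts=1642369117%25%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL%23 HTTP/1.0
GET /styles.css?ts=1642369117 HTTP/1.1
GET /index.php?id=42 HTTP/1.1
"""

# ORDER BY <n>: errors once n exceeds the number of columns in the
# original SELECT, which is how a scanner bounds the column count.
ORDER_BY_RE = re.compile(r"\bORDER\s+BY\s+(\d+)", re.IGNORECASE)
# UNION [ALL] SELECT NULL,NULL,...: only succeeds when the NULL count
# equals the column count; the scanner grows the list until it does.
UNION_RE = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\s+(NULL(?:\s*,\s*NULL)*)", re.IGNORECASE)
# Quote used to break out of the original literal: ' for a plain string
# context, %' for a LIKE '...%' context.
PREFIX_RE = re.compile(r"(%?')\s*(?:ORDER|UNION)\b", re.IGNORECASE)


def classify_value(value):
    """Classify one percent-decoded parameter value; None means benign."""
    m = ORDER_BY_RE.search(value)
    if m:
        kind, number = "order_by", int(m.group(1))
    else:
        m = UNION_RE.search(value)
        if not m:
            return None
        kind, number = "union_select", m.group(1).upper().count("NULL")
    prefix = PREFIX_RE.search(value)
    return {
        "kind": kind,
        "number": number,  # column index tried (ORDER BY) or NULL count (UNION)
        "prefix": prefix.group(1) if prefix else "",
        # A trailing # is the MySQL/MariaDB end-of-line comment that discards
        # the rest of the original query, so the scanner is assuming MySQL.
        "mysql_comment": value.rstrip().endswith("#"),
    }


def scan_log(text):
    """Parse request lines and return one finding per injected parameter."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 2:
            continue
        method, target = parts[0], parts[1]
        url = urlsplit(target)
        # parse_qsl percent-decodes, so %25%27 becomes %' and %23 becomes #.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            hit = classify_value(value)
            if hit:
                hit.update(line=lineno, method=method, path=url.path, param=name)
                findings.append(hit)
    return findings


def summarize(findings):
    """Per (path, parameter): how many probes were sent and what they tried."""
    summary = {}
    for f in findings:
        key = (f["path"], f["param"])
        s = summary.setdefault(key, {
            "requests": 0, "prefixes": set(), "order_by": set(), "union_nulls": set(),
        })
        s["requests"] += 1
        s["prefixes"].add(f["prefix"])
        if f["kind"] == "order_by":
            s["order_by"].add(f["number"])
        else:
            s["union_nulls"].add(f["number"])
    return summary


if __name__ == "__main__":
    for (path, param), s in summarize(scan_log(SAMPLE_LOG)).items():
        print(f"{path} param={param}: {s['requests']} probes, prefixes={sorted(s['prefixes'])}, "
              f"ORDER BY {sorted(s['order_by'])}, UNION NULL counts {sorted(s['union_nulls'])}")
```

To use it on a real log, feed the request-line field of each access-log entry in place of SAMPLE_LOG; for the poster's log the summary shows that every probe targets the single ts parameter of /styles.css with both a ' and a %' prefix. The defensive conclusion does not change: with parameterised queries the outcome of these probes is irrelevant, and if the stylesheet is served as a static file its query string never reaches a database at all. Blocking or rate-limiting the source only reduces log noise; it is not what protects the data.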

0 Answers
