Posted to users@httpd.apache.org by Gil Dawson <Gi...@GilDawson.com> on 2014/08/25 22:52:45 UTC
[users@httpd] Interpreting a GET
This critter appears in my log sometimes:
113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET /?C=D;O=A'+union+select+char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+ HTTP/1.1" 200 5630
Apache apparently understands it (and returns 200 5630). I didn't find "char(" in RFC2616 nor a Google Search of the Apache documentation.
Any idea what it is?
--Gil
Re: [users@httpd] Interpreting a GET
Posted by Sergei <se...@gmail.com>.
It is an attempt at SQL injection.
Sergei.
On 26/08/14 08:52, Gil Dawson wrote:
> This critter appears in my log sometimes:
>
> 113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET
> /?C=D;O=A'+union+select+char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+
> HTTP/1.1" 200 5630
>
>
> Apache apparently understands it (and returns 200 5630). I didn't
> find "char(" in RFC2616 nor a Google Search of the Apache
> documentation <http://httpd.apache.org/docs/2.2/>.
>
> Any idea what it is?
>
> --Gil
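
As an added example (not part of the thread and not Apache code), this Python sketch parses access-log lines like the one posted above, URL-decodes the query string and reports the SQL-injection markers in it, including what each `char(38,126,33)` call evaluates to. The sample lines are constructed: the first is the thread's request shortened to four `char()` columns, the second is a made-up benign request from a documentation address, and the finding names are this example's own labels.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample input (see the lead-in); not real log data.
SAMPLE_LOG = [
    '113.161.88.70 - - [24/Aug/2014:00:29:49 -0700] "GET /?C=D;O=A\'+union+select+'
    'char(38,126,33),char(38,126,33),char(38,126,33),char(38,126,33)+--+ HTTP/1.1" 200 5630',
    '192.0.2.10 - - [24/Aug/2014:00:30:02 -0700] "GET /?C=D;O=A HTTP/1.1" 200 5630',
]

# Common Log Format: host ident user [time] "method target protocol" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>.*) HTTP/[\d.]+" (?P<status>\d{3}) \S+'
)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
CHAR_CALL = re.compile(r"\bchar\(\s*(\d{1,3}(?:\s*,\s*\d{1,3})*)\s*\)", re.I)
TRAILING_COMMENT = re.compile(r"--\s*$")

def analyze(line):
    """Return a dict describing SQL-injection markers in one log line, or None."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    _, _, query = m["target"].partition("?")
    decoded = unquote_plus(query)  # '+' becomes a space, %xx is decoded
    findings = []
    if "'" in decoded:
        findings.append("quote")             # tries to close a string literal
    if UNION_SELECT.search(decoded):
        findings.append("union-select")      # appends a second result set
    if TRAILING_COMMENT.search(decoded):
        findings.append("trailing-comment")  # comments out the rest of the query
    # Each char(a,b,c) builds a string from character codes; decode it to see the marker.
    markers = ["".join(chr(int(n)) for n in args.split(","))
               for args in CHAR_CALL.findall(decoded)]
    return {
        "ip": m["ip"], "status": int(m["status"]), "findings": findings,
        "columns": len(markers), "marker": markers[0] if markers else None,
    }

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(analyze(entry))
```

The 200 status in such a line means only that Apache served the requested resource; it does not show that any SQL was executed.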