Since I last wrote about a SQL Injection Attack that one of my sites received, I took measures to prevent it and now reject a URL with @(cast in it immediately and don't process it any further. This has worked well over the last year and a half, and no further attacks of that type have made it into the logs.
I have now started to see URL requests with the following pattern:
...&whichpage=3%20and%20char(124)%2Buser%2Bchar(124)=0
The significant part comes after the =3:
and |+user+|=0
No idea what they're trying to achieve with this...
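A substring filter such as the @(cast check only stops the pattern it names, while validating whichpage as a plain page number rejects this request and any other non-numeric value. The sketch below is an added example, not code from the site described here; the /list.asp path, the cat parameter, the max_page limit and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests; the path and the "cat" parameter are placeholders.
SAMPLE_REQUESTS = [
    "/list.asp?cat=7&whichpage=3",
    "/list.asp?cat=7&whichpage=3%20and%20char(124)%2Buser%2Bchar(124)=0",
    "/list.asp?cat=7&whichpage=",
]

CHAR_CALL = re.compile(r"char\((\d{1,3})\)", re.IGNORECASE)


def expand_char_calls(value):
    """Replace char(N) with the character it denotes, so log entries are readable."""
    return CHAR_CALL.sub(lambda m: chr(int(m.group(1))), value)


def parse_page(raw, max_page=10000):
    """Allow-list check: accept only 1..max_page written as plain ASCII digits."""
    if not re.fullmatch(r"[0-9]{1,5}", raw):
        return None
    page = int(raw)
    return page if 1 <= page <= max_page else None


def check_request(url, param="whichpage"):
    """Return (page, note); page is None when the request should be rejected."""
    query = urlsplit(url).query
    # parse_qsl percent-decodes each value: %20 becomes a space, %2B becomes '+'.
    values = [v for k, v in parse_qsl(query, keep_blank_values=True) if k == param]
    if len(values) != 1:
        return None, "missing or repeated parameter"
    page = parse_page(values[0])
    if page is None:
        # Log the decoded value so the analyst sees what was actually sent.
        return None, "rejected: " + repr(expand_char_calls(values[0]))
    return page, "ok"


if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(line, "->", check_request(line))
```

The validated integer should still be passed to the database as a bound parameter rather than concatenated into the query text.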