<p>It looks like an <a href="https://www.owasp.org/index.php/Buffer_overflow_attack" rel="nofollow" title="Buffer Overflow Attack">overflow attack</a>. They <code>UNION</code>-ed with your existing query. Replacing all your <code>%20</code> with a space, since it's URL-encoded, yields:</p> <pre><code>=-999.9 UNION ALL SELECT CONCAT(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536- </code></pre> <p>Break it down:</p> <ol> <li>The <code>=-999.9</code> is just ending your current query.</li> <li><code>0x31303235343830303536</code> is <code>NULL</code> - they are just matching the number of columns in your existing query. If you had <code>SELECT * FROM users</code> and <em><code>users</code></em> had 4 columns, the <code>UNION</code> must also have 4 columns. As a result, they just used <code>NULL</code> values to populate those columns.</li> <li>The real confusion is in the <code>CONCAT()</code>. They are combining 126, 39, the database name as a hex value, 39, and 126.</li> <li><code>--</code> is a MySQL comment; it ignores the rest of your query after it.</li> </ol> <p>Judging from this attack, I suspect that you are not wrapping input in <code>mysql_real_escape_string()</code>, which allowed the attacker to jump out of your query and execute their own.</p> <p>See <a href="https://www.owasp.org/index.php/Main_Page" rel="nofollow" title="The Open Web Application Security Project &#40;OWASP&#41;">owasp.org</a> for more information.</p>
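<p>As an added example (not part of the answer above, and not the asker's application code): the script below URL-decodes the payload, decodes every bare <code>0x...</code> literal into the string MySQL would produce for it in a string context, counts the columns of the attacker's <code>SELECT</code> list by splitting on top-level commas (the commas inside <code>CONCAT(...)</code> must not count), and then reproduces the injection mechanics against an in-memory SQLite table. SQLite has no <code>CONCAT()</code> or <code>database()</code>, so the injected SQLite input is a constructed analogue with plain string columns; the <code>-999.9</code> prefix, the <code>UNION ALL</code>, the matching column count and the trailing comment are the same. The table, its rows and the <code>lookup_*</code> function names are assumptions made for the demonstration. The hardened variant uses a bound parameter rather than escaping, which is the usual fix today.</p>

```python
import re
import sqlite3
from urllib.parse import unquote

# Constructed: the payload from the question as it arrives in the query string.
# The trailing comment is written as "--" here, which is what item 4 of the answer describes.
RAW_PAYLOAD = (
    "=-999.9%20UNION%20ALL%20SELECT%20CONCAT(0x7e,0x27,Hex(cast(database()%20as%20char)),"
    "0x27,0x7e),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--"
)

HEX_LITERAL = re.compile(r"0x([0-9A-Fa-f]+)")


def decode_hex_literal(token: str) -> str:
    """Return the string MySQL yields for a bare 0x... literal used in string context."""
    m = HEX_LITERAL.fullmatch(token)
    if not m:
        raise ValueError(f"not a hex literal: {token!r}")
    return bytes.fromhex(m.group(1)).decode("utf-8", errors="replace")


def union_columns(decoded: str) -> list[str]:
    """Split the attacker's SELECT list on top-level commas only, so CONCAT(...) stays one column."""
    body = decoded.split("UNION ALL SELECT ", 1)[1].split("--", 1)[0]
    cols, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        elif ch == "," and depth == 0:
            cols.append(body[start:i].strip())
            start = i + 1
    cols.append(body[start:].strip())
    return cols


def explain_payload(raw: str) -> dict:
    """URL-decode the payload and report its hex literals and the width of the injected SELECT."""
    decoded = unquote(raw)
    literals = {"0x" + h: decode_hex_literal("0x" + h) for h in HEX_LITERAL.findall(decoded)}
    return {"decoded": decoded, "literals": literals, "columns": union_columns(decoded)}


def setup_db() -> sqlite3.Connection:
    """Constructed three-column lookup target standing in for the asker's table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id REAL, name TEXT, price REAL, stock INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?, ?)",
        [(1, "widget", 9.99, 3), (2, "gadget", 19.5, 0)],
    )
    return conn


# Constructed SQLite analogue of the injected id: same shape, attacker-chosen columns are plain strings.
INJECTED_ID = "-999.9 UNION ALL SELECT 'injected', 'row', 0--"


def lookup_vulnerable(conn: sqlite3.Connection, product_id: str) -> list[tuple]:
    """The bug: user input is pasted into the SQL text, so a UNION in the input becomes part of the query."""
    sql = "SELECT name, price, stock FROM products WHERE id=" + product_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, product_id: str) -> list[tuple]:
    """The fix: the driver binds the input as a value, so it can never change the query's structure."""
    sql = "SELECT name, price, stock FROM products WHERE id=?"
    return conn.execute(sql, (product_id,)).fetchall()


if __name__ == "__main__":
    info = explain_payload(RAW_PAYLOAD)
    print(info["decoded"])
    for lit, text in info["literals"].items():
        print(f"{lit} -> {text!r}")
    print(f"{len(info['columns'])} columns in the injected SELECT")
    db = setup_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTED_ID))
    print("parameterized:", lookup_parameterized(db, INJECTED_ID))
```

<p>Run it and the vulnerable lookup returns the attacker's row while the parameterized lookup returns nothing, because the whole injected string is compared against <code>id</code> as a single value. The decoded literals also show what each piece of the <code>CONCAT()</code> contributes to the string the attacker reads back.</p>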