Ravens PHP Scripts: Forums
 

 

Ravens PHP Scripts And Web Hosting Forum Index -> Hack Attempt Script
Author Message
lonk
Regular



Joined: Aug 04, 2006
Posts: 64

Posted: Wed Aug 27, 2008 8:28 pm

I added those strings, but before I got it set up I got this email:

User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
Query String: www.eqcaelum.com/index.php?;DECLARE_@S_CHAR(4000);SET_@S=CASThttp://www.yahoo.com/
Get String: www.eqcaelum.com/index.php?;DECLARE_@S_CHAR(4000);SET_@S=CASThttp://www.yahoo.com/
Post String: www.eqcaelum.com/index.php
Forwarded For: none
Client IP: none
Remote Address: 74.195.190.116
Remote Port: 63527
Request Method: GET
jakec
Site Admin



Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

Posted: Thu Aug 28, 2008 12:27 am

The previous post by Gremmie should protect against this string as well.
Gremmie
Former Moderator in Good Standing



Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA

Posted: Thu Aug 28, 2008 7:15 am

lonk, that just looks like a malformed attack. My .htaccess fix won't stop that because there are no spaces between DECLARE and the @; however, if that is the actual text you got from Sentinel, that probe can't possibly do anything. It doesn't look syntactically correct in any SQL I am aware of.

dad7732
RavenNuke(tm) Development Team



Joined: Mar 18, 2007
Posts: 1242

Posted: Thu Aug 28, 2008 9:02 am

Unfortunately I cannot provide the script any longer simply because since the htaccess edit I haven't received ANY scripts (hundreds) that made it through. But I do remember that there were no underscores in the script. Perhaps this is a deliberate attempt to bypass any type of script spoiler, who knows.

Cheers
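Added example (not part of the thread, and not NukeSentinel's or Gremmie's code): a log-side check that recognises the DECLARE/SET/CAST shape whether the tokens are separated by spaces or by the underscores shown in the report above. The function names and the `%20` sample are assumptions made for this illustration; the report lines are copied from the first post.

```python
import re
from urllib.parse import unquote_plus

# Separator between SQL tokens: whitespace (what a space-based rule expects)
# or the underscore that appears in the Sentinel report on this page.
SEP = r"[\s_]"

# DECLARE @v [N][VAR]CHAR(n) ; SET @v = CAST, with optional separators throughout.
PROBE = re.compile(
    rf"DECLARE{SEP}*@(\w+?){SEP}+N?(?:VAR)?CHAR{SEP}*\({SEP}*\d+{SEP}*\)"
    rf"{SEP}*;{SEP}*SET{SEP}*@\1{SEP}*={SEP}*CAST",
    re.IGNORECASE,
)

# Report fields that carry request data (names taken from the email in the thread).
FIELDS = ("Query String", "Get String", "Post String")

# The string fields of the report posted above, copied verbatim.
PAGE_REPORT = """\
Query String: www.eqcaelum.com/index.php?;DECLARE_@S_CHAR(4000);SET_@S=CASThttp://www.yahoo.com/
Get String: www.eqcaelum.com/index.php?;DECLARE_@S_CHAR(4000);SET_@S=CASThttp://www.yahoo.com/
Post String: www.eqcaelum.com/index.php
Request Method: GET
"""

def is_probe(value):
    """True if the URL-decoded value contains the DECLARE/SET/CAST shape."""
    return PROBE.search(unquote_plus(value)) is not None

def flagged_fields(report):
    """Return the names of report fields whose value matches the probe shape."""
    hits = []
    for line in report.splitlines():
        name, sep, value = line.partition(": ")
        if sep and name in FIELDS and is_probe(value):
            hits.append(name)
    return hits

if __name__ == "__main__":
    print(flagged_fields(PAGE_REPORT))
    # Constructed sample: the same shape with URL-encoded spaces instead of underscores.
    print(is_probe("index.php?;DECLARE%20@S%20CHAR(4000);SET%20@S=CAST"))
```

A match only says the request has this shape; it says nothing about whether the statement would parse or run on the database behind the site.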
jakec







Posted: Thu Aug 28, 2008 10:42 am

I stand corrected, sorry. [embarrassed]
All times are GMT - 6 Hours