Jump to content

Archived

This topic is now archived and is closed to further replies.

tjzones

Was this person trying to hack my site?

Recommended Posts

When I woke up this morning, I saw this person through the "who's online" contribution registered as John Brat from Helstla jonasson in the United kingdom.

What really caught my attention was the URL he was on"http://mysite.com/store/customer_testimonials.php?testimonial_id=44+union+select". The "who's online" contribution didn't give me the full url. I then checked the referring link and this came up "http://www.google.com/search?q=inurl:%22customer_testimonials.php/testimonial_id%3D%22+&hl=sv&start=80&sa=N". He had put "inurl:"customer_testimonials.php/testimonial_id=" in the URL.

The google search page was not in english( I don't know what language). It gets stranger, I looked up his IP address "216.224.124.124" and it traces to "Aptos, Califonia in the United States. Anyway, I dashed to my Admin control panel and banned his IP adddress and deleted his customer record.

When I try to access the partial link he was on, I get:

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

select * FROM customer_testimonials WHERE testimonials_id = 44 union select

 

[TEP STOP].

 

It look like he was trying to enter an sql statement.

 

Does anyone know what this person may have done or what he was looking for?

I looked up his address(bogus address)

 

Please somebody.

Share this post


Link to post
Share on other sites
When I woke up this morning, I saw this person through the "who's online" contribution registered as John Brat from Helstla jonasson in the United kingdom.

What really caught my attention was the URL he was on"http://mysite.com/store/customer_testimonials.php?testimonial_id=44+union+select". The "who's online" contribution didn't give me the full url. I then checked the referring link and this came up "http://www.google.com/search?q=inurl:%22customer_testimonials.php/testimonial_id%3D%22+&hl=sv&start=80&sa=N". He had put "inurl:"customer_testimonials.php/testimonial_id=" in the URL.

The google search page was not in english( I don't know what language). It gets stranger, I looked up his IP address "216.224.124.124" and it traces to "Aptos, Califonia in the United States. Anyway, I dashed to my Admin control panel and banned his IP adddress and deleted his customer record.

When I try to access the partial link he was on, I get:

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

select * FROM customer_testimonials WHERE testimonials_id = 44 union select

 

[TEP STOP].

 

It look like he was trying to enter an sql statement.

 

Does anyone know what this person may have done or what he was looking for?

I looked up his address(bogus address)

 

Please somebody.

 

There is an exploit for customer_testimonials and the script kiddies all know about it now.

 

I'd suggest you read the support thread. I posted a security fix there.

Share this post


Link to post
Share on other sites

×