tjzones Posted February 9, 2008

When I woke up this morning, I saw this person through the "who's online" contribution registered as John Brat from Helstla jonasson in the United Kingdom. What really caught my attention was the URL he was on: "http://mysite.com/store/customer_testimonials.php?testimonial_id=44+union+select". The "who's online" contribution didn't give me the full URL. I then checked the referring link and this came up: "http://www.google.com/search?q=inurl:%22customer_testimonials.php/testimonial_id%3D%22+&hl=sv&start=80&sa=N". He had put inurl:"customer_testimonials.php/testimonial_id=" in the URL. The Google search page was not in English (I don't know what language).

It gets stranger: I looked up his IP address "216.224.124.124" and it traces to Aptos, California in the United States. Anyway, I dashed to my admin control panel, banned his IP address and deleted his customer record.

When I try to access the partial link he was on, I get:

1064 - You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

select * FROM customer_testimonials WHERE testimonials_id = 44 union select

[TEP STOP]

It looks like he was trying to enter an SQL statement. Does anyone know what this person may have done or what he was looking for? I looked up his address (bogus address). Please, somebody.
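The visitor in the post above was found by luck, through the "who's online" page. The same probe is easy to pick out of ordinary web-server logs: a UNION SELECT in a query-string value, and a referrer carrying a search-engine "inurl:" dork, which is how script kiddies find every site running the same vulnerable script. The following is an added example, not code from this thread or from osCommerce. The log lines are constructed to mirror the request tjzones describes, in Apache "combined" format; the timestamps, the benign requests and the second probe line are illustrative.

```python
"""Triage constructed web-server log lines for UNION-based SQL-injection probes.

Added example; not code from the forum thread or from osCommerce.
The sample log below is constructed (not real traffic) to mirror the
request described in the post: a 'union select' in testimonial_id,
arriving from a Google 'inurl:' dork search.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed Apache "combined" log lines (not real traffic).
SAMPLE_LOG = r'''
216.224.124.124 - - [09/Feb/2008:06:12:01 -0500] "GET /store/customer_testimonials.php?testimonial_id=44+union+select HTTP/1.1" 200 5123 "http://www.google.com/search?q=inurl:%22customer_testimonials.php/testimonial_id%3D%22+&hl=sv&start=80&sa=N" "Mozilla/5.0"
216.224.124.124 - - [09/Feb/2008:06:12:09 -0500] "GET /store/customer_testimonials.php?testimonial_id=44+union+select+1,2,3 HTTP/1.1" 200 5140 "-" "Mozilla/5.0"
10.0.0.5 - - [09/Feb/2008:06:15:30 -0500] "GET /store/customer_testimonials.php?testimonial_id=44 HTTP/1.1" 200 5100 "http://mysite.com/store/index.php" "Mozilla/5.0"
10.0.0.7 - - [09/Feb/2008:06:16:02 -0500] "GET /store/product_info.php?products_id=12 HTTP/1.1" 200 8800 "http://www.google.com/search?q=widget+store" "Mozilla/5.0"
'''

# Apache combined log format: ip ident user [time] "METHOD url PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Decoded query-string values that signal an injection attempt: UNION SELECT,
# a quote followed by OR, a trailing SQL comment, or a C-style comment opener.
SQLI_RE = re.compile(r"\bunion\b\s+(all\s+)?select\b|'\s*or\s+|--\s*$|/\*", re.I)

# Referrers whose search query carries an "inurl:" dork.
DORK_RE = re.compile(r"[?&]q=[^&]*inurl(:|%3A)", re.I)


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def classify(entry):
    """Return the list of findings for one parsed entry (empty list = benign)."""
    findings = []
    qs = parse_qs(urlsplit(entry["url"]).query, keep_blank_values=True)
    for name, values in qs.items():
        for v in values:
            # parse_qs already decoded '+' and %xx; a second decode catches
            # double-encoded payloads and is harmless on plain text.
            if SQLI_RE.search(unquote_plus(v)):
                findings.append(f"sqli probe in parameter {name}={v!r}")
    if DORK_RE.search(unquote_plus(entry["referer"])):
        findings.append("arrived via search-engine inurl: dork")
    return findings


def triage(log_text):
    """Map each suspicious (ip, url) pair to its findings; benign requests are dropped."""
    hits = {}
    for line in log_text.strip().splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        findings = classify(entry)
        if findings:
            hits[(entry["ip"], entry["url"])] = findings
    return hits


if __name__ == "__main__":
    for (ip, url), findings in triage(SAMPLE_LOG).items():
        print(ip, url)
        for f in findings:
            print("   ", f)
```

Run against the constructed log, only the two requests from 216.224.124.124 are reported; the first carries both findings (the UNION probe and the dork referrer), the second only the probe, and the two normal requests are dropped. Banning a single IP, as the post describes, stops that one visitor; the dork keeps bringing new ones until the script itself is fixed.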
♥FWR Media Posted February 9, 2008

(quoting tjzones' post above)

There is an exploit for customer_testimonials and the script kiddies all know about it now. I'd suggest you read the support thread. I posted a security fix there.
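What the 1064 error in the first post gives away is the shape of the query: the value of testimonial_id is pasted straight into the SQL text, so "44 union select" became part of the statement and only failed because the probe was incomplete. The following added example is not osCommerce code and not the fix FWR Media posted in the support thread. It rebuilds that query shape in Python against an in-memory SQLite database with constructed tables (the customers table, its columns and the rows are assumed for illustration), shows what a completed UNION probe returns, and places a hardened lookup beside it.

```python
"""The vulnerable query shape revealed by the 1064 error, beside a hardened one.

Added example; not osCommerce code and not the fix posted in the support
thread. Tables, columns and rows are constructed for illustration; the
customers table is assumed, only customer_testimonials appears in the post.
"""
import sqlite3


def make_db():
    """Create an in-memory database with constructed sample data."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE customer_testimonials (
            testimonials_id INTEGER PRIMARY KEY, customer_name TEXT, testimonial TEXT);
        CREATE TABLE customers (
            customers_id INTEGER PRIMARY KEY, customers_email_address TEXT,
            customers_password TEXT);
        INSERT INTO customer_testimonials VALUES (44, 'Alice', 'Great shop');
        INSERT INTO customers VALUES (1, 'admin@example.test', 'md5hash:salt');
    """)
    return con


def vulnerable_lookup(con, testimonial_id):
    """String concatenation: the untrusted value becomes part of the SQL text,
    which is the shape of the statement the 1064 error echoed back."""
    sql = "select * FROM customer_testimonials WHERE testimonials_id = " + testimonial_id
    return con.execute(sql).fetchall()


def hardened_lookup(con, testimonial_id):
    """Numeric id: reject anything that is not an integer, then bind it as a
    parameter so it can never be parsed as SQL."""
    try:
        tid = int(testimonial_id)
    except (TypeError, ValueError):
        raise ValueError("testimonial_id must be an integer") from None
    sql = "select * FROM customer_testimonials WHERE testimonials_id = ?"
    return con.execute(sql, (tid,)).fetchall()


def probe(con, value):
    """Run the vulnerable query with an attacker-supplied value.
    Returns the rows, or the database error text (the analogue of MySQL's 1064)."""
    try:
        return vulnerable_lookup(con, value)
    except sqlite3.Error as e:
        return f"SQL error: {e}"


if __name__ == "__main__":
    con = make_db()
    # 1. The truncated probe from the post: a syntax error, nothing returned.
    print(probe(con, "44 union select"))
    # 2. Guessing the column count: wrong count is an error, right count is not.
    print(probe(con, "44 union select 1,2"))
    print(probe(con, "44 union select 1,2,3"))
    # 3. With the count known, read another table through the same page.
    print(probe(con, "44 union select customers_id, customers_email_address, "
                     "customers_password from customers"))
    # 4. The hardened lookup serves the real id and refuses the probe.
    print(hardened_lookup(con, "44"))
    try:
        hardened_lookup(con, "44 union select 1,2,3")
    except ValueError as e:
        print("rejected:", e)
```

The sequence in main is the usual progression: the incomplete "union select" only produces a syntax error, "union select 1,2,3" with the right number of columns runs cleanly, and from there the same page will print rows from any other table the database user can read. Casting the id to an integer and binding it as a parameter closes the hole for this numeric parameter; string parameters need the parameter binding just the same, since a cast cannot be applied to them.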