What is this sql injection attack and what should I check to see I am not vulnerable

Asked Mar 02 '17 at 01:56

Active Mar 02 '17 at 01:56

Viewed 81 times

I am escaping through PDO all my inputs.
From time to time I see in my logs the following attack:

1 AND 1=2 UNION SELECT 0x6461726b31636f6465,0x6461726b32636f6465,0x6461726b33636f6465,0x6461726b34636f6465,0x6461726b35636f6465,0x6461726b36636f6465,0x6461726b37636f6465,0x6461726b38636f6465,0x6461726b39636f6465,0x6461726b3130636f6465,0x6461726b3131636f6465

What does it look for?

asked Mar 02 '17 at 01:56

Itay Moav -Malimovka

52,579
61
190
278

3

Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Mar 02 '17 at 02:02
@RiggsFolly meant what you wrote. But that is not my question (how to be safe) raher I would like to understand what is going on there, – Itay Moav -Malimovka Mar 03 '17 at 02:33

What is this sql injection attack and what should I check to see I am not vulnerable

0 Answers0