SQL injection attempt, what is this query trying to do?

Time: 2011-07-11 09:06:37

Tags: sql sql-server sql-injection union

  

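Possible duplicate:
  Site has been hacked via SQL Injection

It looks like there has been a hacking attempt on one of my websites; my reports show the following query string data: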

QUERY_STRING = ID=-999.9%20UNION%20ALL%20SELECT%200x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536-

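It failed, because I always cast any integer parameter to an integer, so if something like this is attempted (classic ASP), a mismatch error occurs. But I'm confused about what the above query is trying to do. It doesn't look like anything I've seen before.

1 answer:

Answer 0: (score: 4)

Take a look at: Site has been hacked via SQL Injection

At first glance, my guess is that some automated tool was doing some blind SQL injection.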
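
As an added example, not part of the original question or answer: a log-triage sketch in Python that URL-decodes a query string of the shape reported above, counts the columns in the UNION SELECT list, and decodes the 0x hex literals to ASCII. The sample input is constructed (shortened to 4 columns) and the function names are hypothetical.

```python
import re
from urllib.parse import unquote

# Constructed sample in the same shape as the logged QUERY_STRING above,
# shortened to 4 columns (an assumption for illustration, not the real log line).
MARKER_HEX = "0x31303235343830303536"
SAMPLE_QS = "ID=-999.9%20UNION%20ALL%20SELECT%20" + ",".join([MARKER_HEX] * 4) + "-"

UNION_RE = re.compile(r"\bUNION\s+(?:ALL\s+)?SELECT\s+(.*)$", re.IGNORECASE | re.DOTALL)
HEX_RE = re.compile(r"^0x((?:[0-9a-fA-F]{2})+)$")


def decode_hex_literal(token):
    """Return the ASCII text behind a 0x... literal, or None if it is not one."""
    m = HEX_RE.match(token.strip())
    if not m:
        return None
    return bytes.fromhex(m.group(1)).decode("ascii", errors="replace")


def triage_query_string(qs):
    """Summarise a UNION SELECT probe found in a raw (URL-encoded) query string."""
    decoded = unquote(qs)
    m = UNION_RE.search(decoded)
    if not m:
        return {"union_select": False, "decoded": decoded}
    # Drop trailing terminator characters such as '-' or ';' before splitting.
    # A plain comma split is enough for a list of constants like this one.
    select_list = m.group(1).rstrip("-; \t")
    columns = [c.strip() for c in select_list.split(",")]
    values = [decode_hex_literal(c) for c in columns]
    return {
        "union_select": True,
        "decoded": decoded,
        "column_count": len(columns),
        "distinct_values": sorted({v for v in values if v is not None}),
        "all_hex_literals": all(v is not None for v in values),
    }


if __name__ == "__main__":
    for key, value in triage_query_string(SAMPLE_QS).items():
        print(f"{key}: {value}")
```

The literal 0x31303235343830303536 is the ASCII digit string 1025480056, repeated unchanged in every column of the select list.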