{"id":1364,"date":"2012-06-23T17:48:51","date_gmt":"2012-06-24T00:48:51","guid":{"rendered":"http:\/\/www.wellgolly.com\/?p=1364"},"modified":"2012-06-29T10:48:38","modified_gmt":"2012-06-29T17:48:38","slug":"1364","status":"publish","type":"post","link":"https:\/\/www.wellgolly.com\/?p=1364","title":{"rendered":"MySQL injection attempts"},"content":{"rendered":"

I recently started getting lots of error statements in my error logs for a site I manage. And by lots I mean thousands each week. Since the site works fine and I haven’t changed anything recently I was puzzled as to why the were happening.<\/p>\n

So I expanded the MySql error codes to give me more information on what file was the problem and what the MySql statement was that failed. i.e filename, query, and error message.<\/p>\n

\nif (!$result) {\n    error_log("product.php");\n    error_log($query);\n    error_log(mysqli_error($dbLF));\n    die();\n  }\n<\/code><\/pre><\/p>\n
This is a common error.<\/p>\n
\n[18-Jun-2012 05:34:52 UTC] SELECT * FROM product_table\n           WHERE productNum = \\\\\\'1\n           ORDER BY display_seq, name\n[18-Jun-2012 05:34:52 UTC] You have an error in your SQL syntax; \n<\/code><\/pre><\/p>\n
And they get more complicated:
\n
\nSELECT * FROM product_table\n           WHERE productNum = 38\/product.php?id=381\\\\\\'\n           ORDER BY display_seq, name\n[19-Jun-2012 07:47:01 UTC] You have an error in your SQL syntax;\n<\/code><\/pre><\/p>\n
I went though all my code and I can\u2019t find anywhere that I could possible have such a malformed query.<\/p>\n
What clinched it for me are these queries:<\/p>\n
\nWHERE product_id = 999999.9\/**\/\/*!30000union\/**\/all\/**\/select\/**\/(select\/**\/concat(0x7e,0x27,group_concat(column_name),0x27,0x7e)\/**\/from\/**\/`information_schema`.columns\/**\/where\/**\/table_schema=0x52656D696E64657273\/**\/and\/**\/table_name=0x7573657273),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*\/--\n         WHERE product_id = 999999.9\/**\/\/*!30000union\/**\/all\/**\/select\/**\/(select\/**\/concat(0x7e,0x27,count(column_name),0x27,0x7e)\/**\/from\/**\/`information_schema`.columns\/**\/where\/**\/table_schema=0x446F776E6C6F616473\/**\/and\/**\/table_name=0x507572636861736573),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*\/--\n         WHERE product_id = 999999.9\/**\/\/*!30000union\/**\/all\/**\/select\/**\/(select\/**\/concat(0x7e,0x27,group_concat(column_name),0x27,0x7e)\/**\/from\/**\/`information_schema`.columns\/**\/where\/**\/table_schema=0x446F776E6C6F616473\/**\/and\/**\/table_name=0x507572636861736573),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536,0x31303235343830303536*\/--\n\n<\/code><\/pre><\/p>\n
There’s absolutely no way I miscoded my query to get that garbage.<\/p>\n
Since all my product numbers are integers, I changed the code to only run if the productNum is an integer. Seems to work.<\/p>\n
\nif ( isset($_GET['num']) ) { $productNum  = mysql_real_escape_string($_GET['num']); }  else { $productNum  = '';} \n\n\/\/ Attempts have been made to exploit the database with long strings. \n\/\/ This stops it without filling up the error log.\nif ( !is_numeric($productNum) ) $productNum = '1';\n<\/code><\/pre><\/p>\n","protected":false},"excerpt":{"rendered":"
I recently started getting lots of error statements in my error logs for a site I manage. And by lots I mean thousands each week. Since the site works fine and I haven’t changed anything recently I was puzzled as to why the were happening. So I expanded the MySql error codes to give me … Continue reading MySQL injection attempts<\/span><\/a><\/p>\n","protected":false},"author":6,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-1364","post","type-post","status-publish","format-standard","hentry","category-coding"],"_links":{"self":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1364"}],"version-history":[{"count":0,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=\/wp\/v2\/posts\/1364\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wellgolly.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}