spires, posted May 24, 2010:

Hi, I've had someone try to hack my account.

    declare @q varchar(8000)
    select @q = 0x57414954464F522044454C4159202730303A30303A313527
    exec(@q)

Does anyone know what this hack does? Or, how to stop it? Thanks

Source: https://forums.phpfreaks.com/topic/202715-what-does-this-hack-do/
ignace, posted May 24, 2010:

0x57414954464F522044454C4159202730303A30303A313527 translates to:

    WAITFOR DELAY '00:00:15'

It's to check whether or not your script is hackable.
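To see how a defender would spot this probe in web server logs, here is an added example (not code from the thread or from phpfreaks): it URL-decodes each request target, decodes any 0x... hex literal the way ignace did above, and flags requests whose plain or decoded text contains a WAITFOR DELAY time-delay probe. The log lines are constructed for the example; only the hex payload is the one quoted in the thread.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not from the forum thread). The first
# carries the hex-encoded payload quoted in the post above.
SAMPLE_LOG = [
    '10.0.0.5 - - [24/May/2010:10:01:02 +0000] "GET /item.php?id=1;declare%20@q%20varchar(8000)'
    '%20select%20@q%20=%200x57414954464F522044454C4159202730303A30303A313527%20exec(@q) HTTP/1.1" 200 512',
    '10.0.0.6 - - [24/May/2010:10:01:09 +0000] "GET /item.php?id=42 HTTP/1.1" 200 4096',
    '10.0.0.7 - - [24/May/2010:10:02:33 +0000] "GET /search.php?q=0x48656c6c6f HTTP/1.1" 200 300',
]

HEX_LITERAL = re.compile(r'0x([0-9a-fA-F]{2,})')
# The time-delay primitive used by the probe in this thread (T-SQL syntax).
DELAY_PROBE = re.compile(r'\bWAITFOR\s+DELAY\b', re.I)
REQUEST = re.compile(r'"(?:GET|POST)\s+(\S+)')


def decode_hex_literals(text):
    """Return (hex_digits, decoded_text) for every 0x... literal in text.
    Odd-length digit runs cannot be whole bytes and decode to an empty string."""
    out = []
    for m in HEX_LITERAL.finditer(text):
        digits = m.group(1)
        raw = bytes.fromhex(digits) if len(digits) % 2 == 0 else b''
        out.append((digits, raw.decode('latin-1')))
    return out


def scan_request(line):
    """Decode the request target of one log line.
    Returns (decoded_hex_payloads, is_delay_probe)."""
    m = REQUEST.search(line)
    if not m:
        return [], False
    target = unquote_plus(m.group(1))
    decoded = decode_hex_literals(target)
    # Look at both the plain text and every decoded hex payload, so the
    # hex-wrapped form of the probe is caught as well as the bare form.
    haystack = target + ' ' + ' '.join(text for _, text in decoded)
    return decoded, bool(DELAY_PROBE.search(haystack))


def scan_log(lines):
    """Return the log lines flagged as time-delay injection probes."""
    return [line for line in lines if scan_request(line)[1]]


if __name__ == '__main__':
    for hit in scan_log(SAMPLE_LOG):
        print('probe:', hit)
```

A hit tells you the probe reached the server; whether it actually ran inside a query is a separate question that the application's query logging or database slow-query log has to answer.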
codex-m, posted May 24, 2010:

This looks like an SQL injection attempt, because it declares a VarChar variable and uses the SQL statement SELECT. Ignace is right, but I suggest using mysql_real_escape_string on all those PHP variables before inserting data into the MySQL database.
spires, posted May 24, 2010:

OK, thanks. Is there any way of seeing if it was hacked?
spires, posted May 24, 2010:

Hi codex-m, I use addslashes(). Is this just as good as mysql_real_escape_string()?
Mchl, posted May 24, 2010:

No, it is not just as good. If it was, you wouldn't have mysql_real_escape_string(). This code does nothing dangerous by itself, but it can show the attacker that there's a vulnerability in your script they can exploit. Did they manage to run it on your database, or did you filter it out?
spires, posted May 24, 2010:

They got into the database. I'm now trying to stop this from happening again. I'm not too sure if they got any info out or not.
Mchl, posted May 24, 2010:

If this actually got stored in the database, nothing wrong happened. It means your script is secure against this kind of attack. You pasted this code on this forum, and it got stored in the database, because we can see it. It didn't execute, and as such is harmless.