spires Posted May 24, 2010

Hi, I've had someone try to hack my account.

declare @q varchar(8000) select @q = 0x57414954464F522044454C4159202730303A30303A313527 exec(@q)

Does anyone know what this hack does? Or how to stop it? Thanks

ignace Posted May 24, 2010

0x57414954464F522044454C4159202730303A30303A313527 translates to: ?WAITFOR DELAY '00:00:15'

It's to check whether or not your script is hackable.

codex-m Posted May 24, 2010

This looks like an SQL injection attempt because it declares a VarChar variable and uses the SQL statement SELECT. Ignace is right, but I suggest using mysql_real_escape_string on all those PHP variables before inserting data into the MySQL database.

spires Posted May 24, 2010

OK, thanks. Is there any way of seeing if it was hacked?

spires Posted May 24, 2010

Hi codex-m, I use addslashes(). Is this just as good as mysql_real_escape_string()?

Mchl Posted May 24, 2010

No, it is not just as good. If it was, you wouldn't have mysql_real_escape_string().

This code does nothing dangerous by itself, but it can show an attacker that there's a vulnerability in your script they can exploit. Did they manage to run it on your database, or did you filter it out?

spires Posted May 24, 2010

They got into the database. I'm now trying to stop this from happening again. I'm not too sure if they got any info out or not.

Mchl Posted May 24, 2010

If this actually got stored in the database, nothing wrong happened. It means your script is secure against this kind of attack. You pasted this code on this forum, and it got stored in the database, because we can see it. It didn't execute, and as such is harmless.

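
Added example, not part of any post in this thread: a small Python check built on the decoding ignace gives above. It decodes 0x... hex literals found in request log lines and flags any line that carries a WAITFOR DELAY statement, in clear text or hidden in a hex literal; the sample log lines, paths and parameter names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Hex literal as written in the thread's payload: 0x plus at least four byte pairs.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){4,})")
# The time-delay statement that the thread's hex string decodes to.
DELAY_PROBE = re.compile(r"WAITFOR\s+DELAY\s+'(\d{1,2}:\d{2}:\d{2})'", re.I)


def decode_hex_literals(text):
    """Return the text decoding of every 0x... literal found in text."""
    decoded = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        # Non-ASCII bytes become U+FFFD instead of raising an error.
        decoded.append(raw.decode("ascii", errors="replace"))
    return decoded


def find_delay_probes(log_lines):
    """Return [(line_no, delay)] for lines carrying a WAITFOR DELAY probe."""
    hits = []
    for line_no, line in enumerate(log_lines, start=1):
        request = unquote_plus(line)  # undo URL encoding (+ and %xx)
        # Inspect the request itself and everything hidden in hex literals.
        for candidate in [request] + decode_hex_literals(request):
            probe = DELAY_PROBE.search(candidate)
            if probe:
                hits.append((line_no, probe.group(1)))
                break
    return hits


# Constructed sample log lines; only the hex string comes from the thread.
SAMPLE_LOG = [
    "GET /login.php?user=spires HTTP/1.1",
    "GET /search.php?q=declare+@q+varchar(8000)+select+@q+=+"
    "0x57414954464F522044454C4159202730303A30303A313527+exec(@q) HTTP/1.1",
    "GET /item.php?id=0x1F HTTP/1.1",
]

if __name__ == "__main__":
    for line_no, delay in find_delay_probes(SAMPLE_LOG):
        print(f"line {line_no}: time-delay probe, delay {delay}")
```

A hit only shows that a probe was sent; whether it ran is a separate question, which the response time recorded for that request can help answer.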
This topic is now archived and is closed to further replies.