ttocskcaj Posted April 6, 2012 Share Posted April 6, 2012 Our admin panel for a gaming community was recently hit by a successful MySQL injection attack. Here are the parameters they entered into forms to gain access. ${99319+100354} <?xml version="1.0" encoding="utf-8"?> <!DOCTYPE acunetix [ <!ENTITY acunetixent SYSTEM "http://testphp.vulnweb.com/dot.gif"> ]> <xxx>&acunetixent;</xxx> Not sure which one worked, or how they even managed to POST to that page. But how do these two strings work? What do they do? Quote Link to comment Share on other sites More sharing options...
KevinM1 Posted April 6, 2012 Share Posted April 6, 2012 What are you currently doing for form sanitation? Are you using mysql_real_escape_string anywhere? Quote Link to comment Share on other sites More sharing options...
Psycho Posted April 6, 2012 Share Posted April 6, 2012 I don't believe either of those strings would cause SQL Injection unless you were doing some really bad practices such as eval() on that data before creating the query. Now, I can definitely see those strings causing other problems not related to SQL injection. What problems did you experience that makes you think this is SQL Injection and not XSS attack or some other problem? Quote Link to comment Share on other sites More sharing options...
ttocskcaj Posted April 9, 2012 Author Share Posted April 9, 2012 Yea, I had a closer look at the logs, and removed the bad stuff. I believe it was XSS. I'm just more curious what those two strings do? Quote Link to comment Share on other sites More sharing options...
scootstah Posted April 9, 2012 Share Posted April 9, 2012 I'm not sure about the first but the second one appears to attempt to inject a potentially malicious image into the page. The "image" could potentially execute code to do various bad things. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.