SQL injection question

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Anti-Spam Guide
Post Reply
User avatar
Jim Dominic
Registered User
Posts: 94
Joined: Sat Apr 02, 2005 6:38 pm

SQL injection question

Post by Jim Dominic » Sun Oct 21, 2018 1:47 pm

I am seeing this type of thing in my server logs over the past few weeks. Any suggestions on how to block and/or prevent such attempts from succeeding appreciated. Most of these get a 403 in return, but some of them return a 200 code which concerns me.

Code: Select all

GET /search.php?search_id=%28SELECT%20%28CASE%20WHEN%20%287006%3D7006%29%20THEN%207006%20ELSE%207006%2A%28SELECT%207006%20FROM%20INFORMATION_SCHEMA.PLUGINS%29%20END%29%29&sid=7634b70db449a9e2f00ef934fd9937cf HTTP/1.1

User avatar
rubencm
Development Team Member
Development Team Member
Posts: 62
Joined: Fri Oct 05, 2007 2:24 pm
Location: Spain

Re: SQL injection question

Post by rubencm » Sun Oct 21, 2018 5:23 pm

That are just bots looking for common vulneravilities, don't worry

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: AmigoJack, hismaimai9999 and 28 guests