SQL injection question

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Post Reply
User avatar
Jim Dominic
Registered User
Posts: 109
Joined: Sat Apr 02, 2005 6:38 pm

SQL injection question

Post by Jim Dominic »

I am seeing this type of thing in my server logs over the past few weeks. Any suggestions on how to block and/or prevent such attempts from succeeding appreciated. Most of these get a 403 in return, but some of them return a 200 code which concerns me.

Code: Select all

GET /search.php?search_id=%28SELECT%20%28CASE%20WHEN%20%287006%3D7006%29%20THEN%207006%20ELSE%207006%2A%28SELECT%207006%20FROM%20INFORMATION_SCHEMA.PLUGINS%29%20END%29%29&sid=7634b70db449a9e2f00ef934fd9937cf HTTP/1.1
User avatar
rubencm
Development Team Member
Development Team Member
Posts: 104
Joined: Fri Oct 05, 2007 2:24 pm
Location: Spain

Re: SQL injection question

Post by rubencm »

That are just bots looking for common vulneravilities, don't worry
Post Reply

Return to “phpBB Discussion”