Stupid MySQL Injection Attack

In: smp

14 Apr 2005

Someone exploited a hole in the version of MySQL I was running (4.1.10) this morning by sending the following malformed URL:

http://www.newestindustry.org/index.php/2005/04/
2005-04-14-13:33:16%7c-1%7c104%7c2005-04-14-13:33:04%7c151.99.208.233
%7c3%7c-1%7c0%7c-1%7c0%7c-1%7c-1%7c10%7c-1%7c7%7c7%7c

http://www.newestindustry.org/index.php/2005/04/2005-04-14-13:33:16

%7c-1%7c104%7c2005-04-14-13:33:04%7c151.99

You can try it now, but it does not cause the database to crash anymore, because I have upgraded to MySQL 4.1.11.

DOH!

Spread the Love:
  • Facebook
  • Twitter
  • Ping.fm
  • Digg
  • StumbleUpon
  • LinkedIn
  • Reddit
  • Slashdot
  • Netvouz
  • Identi.ca
  • Technorati
  • del.icio.us
  • email

Related Posts

blog comments powered by Disqus

About this blog

Stephen Pierzchala is one of a 10-year veteran of the Web performance field who also writes on topics that interest his non-linear world-view.

Contact

stephen@pierzchala.com

+1 (508) 410-3865

Copyright © 2007 - Newest Industry - is proudly powered by WordPress | Log in

Compositio Theme is created by: Design Disease brought to you by PremiumThemes.com