Fatal Error - SQL Injection

jovan.guerrero · September 23, 2020, 4:40pm

It appears that I am getting floods of SQL Injection attempts. Any tips to stop this from happening?

Below is a sample of the error.

Thanks in advance.

Fatal Error triggered by User at IP --> 141.101.98.167 ON September 23, 2020, 4:40:14 am

SQL Error Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE (userdb_id = 20)
                                AND (999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x39313335' at line 3
SQL statement that failed below:
---------------------------------------------------------
SELECT DISTINCT 999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles_file_name
                                FROM default_oren_999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles
                                WHERE (userdb_id = 20)
                                AND (999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles_id = 2)
                                ORDER BY 999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles_rank

TomKlein · September 23, 2020, 3:17pm

Basically, if SQL injection is possible on your server/code, you’ve got a serious security issue. In this case, personally, I’d take the site offline and fix the code first. Also, it may be possible in such a scenario that, depending on your setup, a hacker might have a backdoor to your server already.

If these are just attempts and were 100% not successful, you could probably block it through Cloudflare’s WAF or turn error logging off if you want. The IP “141.101.98.167” is probably from Cloudflare, so it’s not the User’s IP. You’d need to check the CF-Connecting-IP header for that.

jovan.guerrero · September 23, 2020, 3:49pm

Hey Tom,

Thanks for your response.

I am using an application that I purchased. I had forwarded the error to the developers and they insist it was just attempts.

I will review your suggestions.

Thanks.

TomKlein · September 23, 2020, 3:56pm

Just my thought as a web developer: If there is the error “You have an error in your SQL syntax”, the next attempt can be successful.

system · October 7, 2020, 4:40pm

This topic was automatically closed after 14 days. New replies are no longer allowed.