Fatal Error - SQL Injection

It appears that I am getting floods of SQL Injection attempts. Any tips to stop this from happening?

Below is a sample of the error.

Thanks in advance.

Fatal Error triggered by User at IP --> 141.101.98.167 ON September 23, 2020, 4:40:14 am

SQL Error Message: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE (userdb_id = 20)
                                AND (999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x39313335' at line 3
SQL statement that failed below:
---------------------------------------------------------
SELECT DISTINCT 999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles_file_name
                                FROM default_oren_999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles
                                WHERE (userdb_id = 20)
                                AND (999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles_id = 2)
                                ORDER BY 999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39--sfiles_rank

Basically, if SQL injection is possible on your server/code, you’ve got a serious security issue. In this case, personally, I’d take the site offline and fix the code first. Also, it may be possible in such a scenario that, depending on your setup, a hacker might have a backdoor to your server already.

If these are just attempts and were 100% not successful, you could probably block it through Cloudflare’s WAF or turn error logging off if you want. The IP “141.101.98.167” is probably from Cloudflare, so it’s not the User’s IP. You’d need to check the CF-Connecting-IP header for that.

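To make the two points in the reply above concrete (fix the code rather than only block the probe, and read the real client address from CF-Connecting-IP), here is an added example that is not part of this thread and not the purchased application's code. It uses Python with an in-memory SQLite table as a stand-in for MySQL; the table and column names are taken from the identifiers in the error log, the rows and the request values are constructed, and the assumed "before" query simply pastes request values into the SQL text, which is the only way the probe could have landed in the table name, the column names and the WHERE clause at once. The Cloudflare range 141.101.64.0/18 is the published block that covers the logged address; a real deployment should load the full current list.

```python
import ipaddress
import re
import sqlite3

# Stand-in for the site's database: SQLite in memory instead of MySQL, shaped
# after the identifiers visible in the thread's error log. Rows are constructed.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE default_oren_sfiles (sfiles_id INTEGER, "
                 "sfiles_file_name TEXT, sfiles_rank INTEGER, userdb_id INTEGER)")
    conn.executemany("INSERT INTO default_oren_sfiles VALUES (?, ?, ?, ?)",
                     [(1, "a.txt", 2, 20), (2, "b.txt", 1, 20), (3, "c.txt", 3, 7)])
    return conn

# Shortened form of the probe from the log (same structure, one short hex
# literal instead of fourteen long ones). Used here only as test input.
PROBE = "999999.9 /**/uNiOn/**/aLl /**/sElEcT 0x3931--"

def vulnerable_query(conn, table, user_id, file_id):
    # Assumed shape of the original application's query: every request value,
    # including the one that names the table, is interpolated into the SQL text.
    # With the probe as the table value the statement no longer parses, which is
    # exactly the "error in your SQL syntax" the thread reports.
    sql = (f"SELECT DISTINCT {table}_file_name\n"
           f"FROM default_oren_{table}\n"
           f"WHERE (userdb_id = {user_id})\n"
           f"AND ({table}_id = {file_id})\n"
           f"ORDER BY {table}_rank")
    return conn.execute(sql).fetchall()

def vulnerable_query_outcome(conn, table, user_id, file_id):
    # Demo helper: report whether the string-built query ran or failed to parse.
    try:
        return ("rows", vulnerable_query(conn, table, user_id, file_id))
    except sqlite3.OperationalError as exc:
        return ("sql error", str(exc))

# Identifiers (table/column names) cannot be bound as parameters, so they come
# from a fixed allowlist instead of from the request.
ALLOWED_TABLES = {"sfiles"}

def safe_query(conn, table, user_id, file_id):
    # Hardened form: allowlisted identifier, type-checked values bound as
    # parameters. The probe never reaches the SQL parser at all.
    if table not in ALLOWED_TABLES:
        raise ValueError(f"unknown table {table!r}")
    uid, fid = int(user_id), int(file_id)   # int() rejects "999999.9 /**/uNiOn..."
    sql = (f"SELECT DISTINCT {table}_file_name FROM default_oren_{table} "
           f"WHERE (userdb_id = ?) AND ({table}_id = ?) ORDER BY {table}_rank")
    return conn.execute(sql, (uid, fid)).fetchall()

_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_UNION = re.compile(r"\bunion\s+all\s+select\b", re.I)

def looks_like_union_probe(value):
    # Triage helper for the application's own error log (or a custom WAF rule
    # condition): strip the /**/ comments the probe uses to split keywords,
    # then look for the UNION ALL SELECT skeleton.
    return bool(_UNION.search(_COMMENT.sub(" ", value)))

# Cloudflare edge ranges are published at https://www.cloudflare.com/ips;
# 141.101.64.0/18 is the block covering 141.101.98.167 from the log. Load the
# full, current list in production; one entry is enough for this example.
CLOUDFLARE_NETS = [ipaddress.ip_network("141.101.64.0/18")]

def real_client_ip(remote_addr, headers, proxy_nets=CLOUDFLARE_NETS):
    # Trust CF-Connecting-IP only when the TCP peer is a Cloudflare edge. If the
    # origin is reachable directly, anyone can send that header with any value,
    # so it must not be believed from an arbitrary peer.
    peer = ipaddress.ip_address(remote_addr)
    if any(peer in net for net in proxy_nets):
        return headers.get("CF-Connecting-IP", remote_addr)
    return remote_addr

if __name__ == "__main__":
    conn = make_db()
    print("hardened:", safe_query(conn, "sfiles", "20", "2"))
    print("string-built with probe:", vulnerable_query_outcome(conn, PROBE, "20", "2"))
    print("probe detected:", looks_like_union_probe(PROBE))
    print("client ip:", real_client_ip("141.101.98.167", {"CF-Connecting-IP": "203.0.113.5"}))
```

The split between the two fixes matters: binding parameters protects the values (userdb_id, the file id), but a value that becomes part of a table or column name cannot be bound, so it has to be checked against a known set before it is ever placed in the query text. Logging the address returned by real_client_ip rather than the TCP peer is what makes a later block or report point at the actual source instead of at Cloudflare.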

Hey Tom,

Thanks for your response.

I am using an application that I purchased. I had forwarded the error to the developers and they insist it was just attempts.

I will review your suggestions.

Thanks.

Just my thought as a web developer: If there is the error “You have an error in your SQL syntax”, the next attempt can be successful.

