Is this an SQL injection attack? If so, what's it trying to do?

security sql apache-2.4

I'm seeing a number of entries in my access log where 'A=0 is added to a query parameter, eg:

http://www.server.org/foo/?bar=1'A=0&type=xml

The parameter that 'A=0 is attached to varies, but it's always 'A=0, so it seems unlikely that this is some accidentally malformed URL being clicked on. Also, the referer is always the same as the target URL, which makes me think it's a wholly manufactured request.

What I don't get is what this is intended to do. Assuming it's an SQL injection attempt, it seems like it would generate invalid SQL and simply fail. Is there something I'm missing?


It's a bit of a blunt instrument, intended to "probe" poorly-written sites, i.e. those vulnerable to SQL Injection attacks and with poor error-handling.

$user = $_GET[ 'bar' ] ; // "1'A=0" 
$sql = "select * from users where username = '$user'" ; // literally '1'A=0'

Such sites will throw an error at this and, more than likely, display the whole error message for all the World, and the attacker, to see. The wording of that error will, most likely, be DBMS specific.
So, one dodgy request like this and Bingo! Your attacker now knows what DBMS you're running and can reach for their favourite "Attack Vector Playbook" to start breaking into that.

Related

Backing up volumes from host vs from the inside of the container
Multple IP routing on Squid Proxy
How to run multiple subdomain under same IP in apache2
Enter an exited docker container in interactive mode
iPhone not syncing old iCloud photos
How to set a default application to open a file in mac?
Is there a Macbook (or pro) with TB3 USB C ports without butterfly keys
iPhone asks to trust computer each time when tethering hotspot is on [duplicate]
Shortcuts for the application switcher in OS X
Microphone Not Working With FaceTime
YouTube video thumbnails not getting loaded
macOS Catalina renamed external volume name