Lord of the Rant.
Formerly turtle2472
Join Date: Mar 2005
Location: Upstate South Carolina
I don't allow commenting on this particular WP install. It's really only there to run a podcast. So I got these two messages waiting to be moderated. The name line is what strikes me as really odd. Was this a hack attempt? I don't know enough about coding to know what was being attempted, but it obviously wasn't to say they loved the podcast! Any insight would be great.

Louis L'Amour, “To make democracy work, we must be a nation of participants, not simply observers. One who does not vote has no right to complain.” Visit our archived Minecraft world! | Maybe someday I'll proof read, until then deal with it.
is the next Chiquita
Join Date: Feb 2005
He was trying a SQL injection attack. I know nothing about WP, but there is some stuff out there that's stupidly designed, where you can pass a SQL statement and it will be parsed as another SQL statement on top of whatever it is normally used for.
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
That's a SQL injection attempt. Someone is hoping that you (or your software) are not properly escaping strings or that you aren't using prepared statements when querying the database.
The quality of this board depends on the quality of the posts. The only way to guarantee thoughtful, informative discussion is to write thoughtful, informative posts. AppleNova is not a real-time chat forum. You have time to compose messages and edit them before and after posting.
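An added example, not from the thread, of what "using prepared statements" means in practice: the comment author is passed as a bound parameter, so the "\')/*" name from the WP log turtle posts later in the thread is stored as ordinary text and the INSERT keeps its shape, and a small moderation-queue heuristic flags names that look like probes. The comments table and the heuristic are constructed here, not WordPress's own.

```python
import re
import sqlite3

# Constructed stand-in for a blog comment table; not WordPress's real schema.
SCHEMA = """CREATE TABLE comments (
    id INTEGER PRIMARY KEY, author TEXT, body TEXT, approved INTEGER)"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn

def insert_comment(conn, author, body):
    """Store a comment with a parameterized INSERT (a prepared statement).

    The driver sends the SQL text and the values separately, so whatever the
    visitor typed into the name field is stored as data and cannot change the
    shape of the statement.  Comments start out unapproved (moderation queue).
    """
    cur = conn.execute(
        "INSERT INTO comments (author, body, approved) VALUES (?, ?, 0)",
        (author, body))
    return cur.lastrowid

def stored_author(conn, comment_id):
    """Read back the author exactly as the database holds it."""
    row = conn.execute("SELECT author FROM comments WHERE id = ?",
                       (comment_id,)).fetchone()
    return row[0] if row else None

# Moderation-queue heuristic (constructed): a "name" containing SQL quoting,
# comment or set-operation tokens is almost certainly a probe, not a reader.
PROBE_TOKENS = re.compile(r"""\\'|'\)|/\*|--|\bUNION\b|\bSELECT\b""", re.IGNORECASE)

def looks_like_sql_probe(author):
    return PROBE_TOKENS.search(author) is not None

if __name__ == "__main__":
    conn = open_db()
    probe = "\\')/*"        # the Author value from the WP log quoted later in the thread
    cid = insert_comment(conn, probe, "ekibastos...")
    print(repr(stored_author(conn, cid)))   # stored verbatim, table intact
    print(looks_like_sql_probe(probe), looks_like_sql_probe("Jane O'Brien"))
```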
Lord of the Rant.
Formerly turtle2472
Join Date: Mar 2005
Location: Upstate South Carolina
Thanks guys. (Love the comic Brad)
So what would this person be attempting to do? Just crash my DB? If they had gained access, what would this really give them?
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
Without knowing more about WordPress' database schema it's hard to tell. It looks like he's trying to insert a custom user in the first "Name:" field, possibly an admin account, and then trying to get information about admin access in the second "Name:" field.
is the next Chiquita
Join Date: Feb 2005
I didn't exactly understand it myself, but am I mistaken in thinking that it was crappily written SQL, especially the second one?
1) He tried to do a UNION, which usually requires that we have the same number of columns, which he has no idea about, no?
2) "SELECT 1 FROM wp_users" is an odd construction, and IINM, would return "1" or nothing at all if there weren't any fields with the name "1" (and why the heck would it be named "1")?
3) It looks as if he was trying to get the password for admin, but had to do some reverse, padding and other juggling all at once. (I do know for a fact that if you have a Microsoft Word document that's locked with a password, you can just save it as XML, get something like password="XXX", then reverse the XXX, then using a hex editor, delete the reversed string to effectively unlock it - something to do with endianness, I guess.)
‽
is the next Chiquita
Join Date: Feb 2005
Is that for a different SQL dialect? I only do that with either TOP for T-SQL or LIMIT for MySQL.
‽
And TOP and LIMIT are actually not the same. Those give you a specific number of rows; "SELECT 1" gives you specific content within the rows; the number of rows depends on the table's existing data.
*) Okay, okay: I'm just too lazy.
is the next Chiquita
Join Date: Feb 2005
Hmm. Interesting - I don't think I ever saw that kind of statement before. A quick check of MySQL's manual shows it's not used in the same sense you just described:
Code:
SELECT 1 FROM foo;   -- literal value; returns the same value (1) for every row in foo
Nonetheless, glad I learned something new.
Last edited by Banana : 2008-06-14 at 14:34. Reason: Did a belated experiment and edited the results
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
Another way the "SELECT 1" construct is handy is in conjunction with an EXISTS and a subquery. Such as:
SELECT name FROM users WHERE EXISTS (SELECT 1 FROM posts WHERE users.user_id = posts.user_id AND posts.rating = 5);
If there are many rows in posts with a rating of 5 and the user_id, the final result will still only have one row for that user_id. This isn't a great example because the query is so simple and there are several other ways to get this result, but this trick comes in handy when you have much larger sets of data and tables to work with.
Do keep in mind that it's very likely this user is simply a bot or a script kiddie targeting a specific, known vulnerability in WordPress and that this is a trick that actually works on vulnerable systems.
is the next Chiquita
Join Date: Feb 2005
Brad, thanks for that li'l example. When I have a chance, I'll try and play with that. May end up useful in future.
is the next Chiquita
Join Date: Feb 2005
Okay, I'm now quite curious.
Apparently, Wordpress is powered by MySQL, but as I posted above, the SELECT 1 construction doesn't work; it will return all rows, displaying the same value '1' for each row. I wonder if this could actually be a stored procedure or something like that?
EDIT: I think I'm just slow. It looks like SELECT 1 is supposed to replace SELECT * to provide better performance when we need to know how many rows or something else that doesn't really depend on the actual data in the table, which was why Brad used a subquery example, right?
And Turtle, just so you know...
‽
Lord of the Rant.
Formerly turtle2472
Join Date: Mar 2005
Location: Upstate South Carolina
I have no idea which version of WP is being used on this site. I can't even figure out where it's listed so I can know and update if needed. The organization uses a "do everything" hosting company and I get limited access to stuff like this. We have to pay big if they have to make any changes. The good part is I have FTP access to the WP directory on the server. I guess I could update it, but if I break the theme then I'm stuck and I'm not ready to pay them for this.
Selfish Heathen
Join Date: May 2004
Location: Zone of Pain
This idea is also useful for inserts + selects. Say you're working at a car dealership and you have a table "car_type" that contains columns make, model, and year and you have to manually update the database every year with the new models. Let's assume that you have the following data:
Code:
 make  |       model        | year
-------+--------------------+------
 Honda | Civic Sedan        | 2008
 Honda | Civic Coupe        | 2008
 Honda | Civic Hybrid Sedan | 2008
 Honda | Accord Sedan       | 2008
 Honda | Accord Coupe       | 2008
 Honda | Fit                | 2008
 Honda | Fit Sport          | 2008
You get news that Honda's 2009 lineup is exactly the same as the 2008 lineup and you need to update the database accordingly. What do you do? You can either do a whole slew of inserts...
Code:
INSERT INTO car_type VALUES ('Honda', 'Civic Sedan', 2009);
INSERT INTO car_type VALUES ('Honda', 'Civic Coupe', 2009);
INSERT INTO car_type VALUES ('Honda', 'Civic Hybrid Sedan', 2009);
INSERT INTO car_type VALUES ('Honda', 'Accord Sedan', 2009);
INSERT INTO car_type VALUES ('Honda', 'Accord Coupe', 2009);
INSERT INTO car_type VALUES ('Honda', 'Fit', 2009);
INSERT INTO car_type VALUES ('Honda', 'Fit Sport', 2009);
OR you can do a single insert + select like this...
Code:
INSERT INTO car_type SELECT make, model, 2009 FROM car_type WHERE make = 'Honda' AND year = 2008;
In this case, the '2009' in the SELECT behaves exactly like the '1' in the SELECT of the previous example. The only difference here is that we're also getting other values in the SELECT and passing them to the INSERT. In either case, we get...
Code:
 make  |       model        | year
-------+--------------------+------
 Honda | Civic Sedan        | 2008
 Honda | Civic Coupe        | 2008
 Honda | Civic Hybrid Sedan | 2008
 Honda | Accord Sedan       | 2008
 Honda | Accord Coupe       | 2008
 Honda | Fit                | 2008
 Honda | Fit Sport          | 2008
 Honda | Civic Sedan        | 2009
 Honda | Civic Coupe        | 2009
 Honda | Civic Hybrid Sedan | 2009
 Honda | Accord Sedan       | 2009
 Honda | Accord Coupe       | 2009
 Honda | Fit                | 2009
 Honda | Fit Sport          | 2009
Pretty neat, huh?
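An added example (not Brad's or Banana's code) that runs the three constructs discussed in this thread against SQLite through Python's sqlite3 module: SELECT 1 returning the literal once per row, EXISTS (SELECT 1 ...) collapsing to one row per user, and the INSERT ... SELECT that copies the 2008 Honda lineup to 2009. The car_type rows are the ones from Brad's post; the users/posts tables and their contents are constructed here.

```python
import sqlite3

# Constructed sample data for the examples in this thread (Brad's car_type
# table plus users/posts tables); not a schema from any real project.
LINEUP_2008 = [("Honda", m) for m in ("Civic Sedan", "Civic Coupe",
               "Civic Hybrid Sedan", "Accord Sedan", "Accord Coupe", "Fit", "Fit Sport")]

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE car_type (make TEXT, model TEXT, year INTEGER);
        CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE posts (post_id INTEGER PRIMARY KEY, user_id INTEGER, rating INTEGER);
    """)
    conn.executemany("INSERT INTO car_type VALUES (?, ?, 2008)", LINEUP_2008)
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "turtle"), (2, "Brad"), (3, "Banana")])
    # turtle has two 5-star posts, Brad none, Banana one.
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)", [(1, 1, 5), (2, 1, 5), (3, 2, 3), (4, 3, 5)])
    return conn

def select_one_rows(conn):
    """SELECT 1 FROM t: the literal 1 comes back once per row, as Banana observed."""
    return [r[0] for r in conn.execute("SELECT 1 FROM car_type")]

def users_with_five_star_post(conn):
    """Brad's EXISTS (SELECT 1 ...) trick: one row per user, however many 5-star posts."""
    sql = """SELECT name FROM users
             WHERE EXISTS (SELECT 1 FROM posts
                           WHERE users.user_id = posts.user_id AND posts.rating = 5)
             ORDER BY name"""
    return [r[0] for r in conn.execute(sql)]

def copy_lineup(conn, make, from_year, to_year):
    """Brad's INSERT ... SELECT: the literal to_year plays the role of the '1'."""
    conn.execute(
        "INSERT INTO car_type SELECT make, model, ? FROM car_type WHERE make = ? AND year = ?",
        (to_year, make, from_year))
    return conn.execute("SELECT COUNT(*) FROM car_type WHERE make = ? AND year = ?",
                        (make, to_year)).fetchone()[0]

def lineup(conn, make, year):
    """Models of one make for one model year, sorted so two years can be compared."""
    return [r[0] for r in conn.execute(
        "SELECT model FROM car_type WHERE make = ? AND year = ? ORDER BY model", (make, year))]
```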
is the next Chiquita
Join Date: Feb 2005
Very!
I remember seeing that tip when I had that MySQL class but I don't recall anything about SELECT 1 (or may have forgotten that one). Either way, it's great to remember that one again. Thanks again, Brad!
Lord of the Rant.
Formerly turtle2472
Join Date: Mar 2005
Location: Upstate South Carolina
Here's the latest, this time on my Video version of the blog:
Code:
Author : \')/* (IP: 64.38.5.174 , srv1.greatideas.com)
E-mail :
URI : http://ekibastos
Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=64.38.5.174
Comment:
<strong>ekibastos...</strong>
ekibastos...
From WP:
Interesting that I'm just now getting hit with this when the blogs have been going for over a year now.