In the last couple of months I’ve been getting more and more attacks through the use of URL parameters. What happens is that I get a lot of requests to the pages that have URL parameters, and then the hacker or robot tries to do SQL injection by adding code to the parameters.

This is one of the pages where this happens:

http://blog.madskristensen.dk/?year=2006&month=5

and this is the request that is made to that page by the robot:

http://blog.madskristensen.dk/?year=2006&month=5 and user>0

In my case nothing happens since BlogEngine isn’t vulnerable to these kinds of attacks, but it definitely is a reminder to always make sure that SQL injection attacks cannot happen from URL parameters like this. It was only when I counted the number of these attacks made to this website that I realized just how many I get on a daily basis. Be careful.
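
An added example, not BlogEngine's code or part of the original post: one way to handle the `year`/`month` request shown above, by accepting only plain numbers and binding the values as query parameters instead of concatenating them into the SQL text. The `posts` table, the accepted year range, the sample rows and all function names are assumptions made for the illustration.

```python
import re
import sqlite3
from urllib.parse import parse_qs

_DIGITS = re.compile(r"[0-9]{1,4}")  # ASCII digits only, nothing else

def parse_archive_params(query_string):
    """Return (year, month) as ints, or None if either value is not a plain number."""
    params = parse_qs(query_string, keep_blank_values=True)
    values = []
    # Ranges are assumed for this example: years 1900-2100, months 1-12.
    for name, low, high in (("year", 1900, 2100), ("month", 1, 12)):
        raw = params.get(name, [])
        if len(raw) != 1 or not _DIGITS.fullmatch(raw[0]):
            return None  # missing, repeated, or carrying extra text
        number = int(raw[0])
        if not low <= number <= high:
            return None
        values.append(number)
    return tuple(values)

def posts_for_month(conn, year, month):
    """Values are bound as parameters, so they never become part of the SQL text."""
    rows = conn.execute(
        "SELECT title FROM posts WHERE year = ? AND month = ? ORDER BY title",
        (year, month),
    )
    return [title for (title,) in rows]

def handle_request(conn, query_string):
    """Return (status, titles): 400 for malformed parameters, 200 otherwise."""
    parsed = parse_archive_params(query_string)
    if parsed is None:
        return 400, []
    return 200, posts_for_month(conn, *parsed)

def make_sample_db():
    """Constructed sample data (hypothetical schema) held in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (title TEXT, year INTEGER, month INTEGER)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?)",
        [("First post", 2006, 5), ("Second post", 2006, 5), ("Other", 2006, 6)])
    return conn

if __name__ == "__main__":
    db = make_sample_db()
    print(handle_request(db, "year=2006&month=5"))
    print(handle_request(db, "year=2006&month=5 and user>0"))
```

Counting the 400 responses from `handle_request` gives the daily number of malformed requests of the kind described above.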
