It seems several people have been trying to attack my wifes site. I've had 4 attacks the last two days. 2 from the same ISP.. They are trying the SQL injection. Hmmmm I don't have the code here with me at the moment.
well all that union is really doing is trying to overflow and bypass your databases....I keep up with alot of the vulnerabilities of nuke and SQL and it wouldnt take but a google search to get to these hacker sites which tell you to do these things...I wouldnt worry about it much. (posting it that is) but worry about people doing this
Darrell3831 Captain
Joined: Jan 05, 2004
Posts: 425
Posted:
Wed Jul 21, 2004 3:20 am
Quote:
overflow and bypass your databases
Hi,
I could be wrong, but it appears to me that they are trying to select your aid and password from your database. Not overflow it or bypass it.
Quote:
select 0,0,aid,pwd,0,0,0,0,0,0 from nuke_authors
When they try the buffer overflow error your email from Protector will be very long and contain a huge string of usually hexidecimal characters. That's the string they used to try and overflow it.
The buffer overflow hack is more a MySQL hack than a Nuke one.
Lol by databases I meant MySQL...this is rather new so people should watch out for anything along that line of code!
*edit* ps.. it is a MySQL overflow/bypass exploit...want a link? didnt think so
Darrell3831 Captain
Joined: Jan 05, 2004
Posts: 425
Posted:
Thu Jul 22, 2004 4:30 am
Quote:
*edit* ps.. it is a MySQL overflow/bypass exploit...want a link? didnt think so
EvilShorty,
The attack posted in this thread is known by most people as a UNION exploit. However your more than welcome to name it anything you like.
Quote:
modules.php?name=search&type=stories&query=f00bar&category=-1&categ= and 1=2 UNI0N select 0,0,aid,pwd,0,0,0,0,0,0 from nuke_authors/*
If you look at the syntax the attacker used here, you can see they are trying to piggyback an extended query via a UNION which SELECTS items from the nuke.authors table. Namely the aid and pw of records in the nuke.authors table.
On a succesful attck using this or similar exploits the attacker gets your aid and password. Then they can log into your admin section as you and change things on your site.
The MySQL buffer never overflows with this exploit. Even on systems that are vulnerable to buffer overflows.
The size of the MySQL buffer is thousands of characters long on most versions of MySQL. This entire query/hack is only a few characters long. There is no danger of overflowing any buffer in any version of MySQL that I know of with only a few characters.
If an attacker is probing your site to see if you have a version of MySQL that is vulnerable to buffer overflows they must pass enough characters in the query to actually overflow the buffer. You will know when you have had one of these exploits because the query string will be huge. Thousands of characters long.
If your query isent longer than the buffer on vulnerable version of MySQL nothing will happen.
The term bypass in your description is only remotely applicable in the sense that they are attempting to bypass your nuke security.
You had asked if I wanted a link earlier. I presume you meant to some place where a person has chosen to name a union exploit as a overflow/bypass exploit. That won't be necessary, but thanks for offering. I respect their right to name it anything they choose and concede to your assertion that they have.
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
