There are nearly a thousand of them in one day!
[text][02-Feb-2013 20:44:42] PHP Warning: include(includes/product1111111111111\" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45),CHAR(45,120,49,49,45,81,45),CHAR(45,120,49,50,45,81,45),CHAR(45,120,49,51,45,81,45),CHAR(45,120,49,52,45,81,45),CHAR(45,120,49,53,45,81,45),CHAR(45,120,49,54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45),CHAR(45,120,50,52,45,81,45),CHAR(45,120,50,53,45,81,45) -- /* order by \"as /*.inc) [<a href='function.include'>function.include</a>]: failed to open stream: File name too long in /home/site/public_html/index_ip.php on line 71
[02-Feb-2013 20:44:42] PHP Warning: include() [<a href='function.include'>function.include</a>]: Failed opening 'includes/product1111111111111\" UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45),CHAR(45,120,49,49,45,81,45),CHAR(45,120,49,50,45,81,45),CHAR(45,120,49,51,45,81,45),CHAR(45,120,49,52,45,81,45),CHAR(45,120,49,53,45,81,45),CHAR(45,120,49,54,45,81,45),CHAR(45,120,49,55,45,81,45),CHAR(45,120,49,56,45,81,45),CHAR(45,120,49,57,45,81,45),CHAR(45,120,50,48,45,81,45),CHAR(45,120,50,49,45,81,45),CHAR(45,120,50,50,45,81,45),CHAR(45,120,50,51,45,81,45),CHAR(45,120,50,52,45,81,45),CHAR(45,120,50,53,45,81,45) -- /* order by \"as /*.inc' for inclusion (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/site/public_html/index_ip.php on line 71
[/text]
What does this Error Log code mean? It's very strange.
Moderator: General Moderators
-
simonmlewis
- DevNet Master
- Posts: 4435
- Joined: Wed Oct 08, 2008 3:39 pm
- Location: United Kingdom
- Contact:
Re: What does this Error Log code mean? It's very strange.
This is an attempt to perform sql injection
Re: What does this Error Log code mean? It's very strange.
It is showing that you are allowing user changeable information to be used in an include() statement, which is a BIG NO-NO in programming!
If you have to have a variable include that is set by the visitor, always validate/clense the value and make sure it exists, such as:
If you have to have a variable include that is set by the visitor, always validate/clense the value and make sure it exists, such as:
Code: Select all
if (preg_match('/[a-z0-9_-]/i',$strTheirInfo)) {
if (file_exists('includes/product'.$strTheirInfo)) {
include('includes/product'.$strTheirInfo);
}
else {
echo "Could not locate that product";;
}
}
else {
echo "Invalid request";
}-
simonmlewis
- DevNet Master
- Posts: 4435
- Joined: Wed Oct 08, 2008 3:39 pm
- Location: United Kingdom
- Contact:
Re: What does this Error Log code mean? It's very strange.
I think it was down to the "getPage" script done wrong, as I changed it. Bad move.
Your script here tho, is that a means of stopping someone running a programme to find or crash a site, but constantly loading "dud" info?
Thanks... as this prove useful.
Your script here tho, is that a means of stopping someone running a programme to find or crash a site, but constantly loading "dud" info?
Thanks... as this prove useful.
Love PHP. Love CSS. Love learning new tricks too.
All the best from the United Kingdom.
All the best from the United Kingdom.