Textpattern CMS

#1 2008-04-05 14:17:20

sunmaker

Member

From: Washington DC

Registered: 2005-01-04

Posts: 40

Is this a hack attempt on my TXP site?

Examining the visitor log on one of my TXP sites, I found several entries like this, all from one IP address:

mywebsite/​index.​php?​id=1+and+1=2+union+se​lect+0×2D4578372D31,​0×2D4578372D32,​0×2D4578372D33,​0×2D4578372D34/​*

What is to be made of this? I don’t recognize the entry, but the words union and select suggest some type of MySQL command.

---

All boundaries are for practical purposes only.

#2 2008-04-05 14:26:48

ruud

Developer Emeritus

From: a galaxy far far away

Registered: 2006-06-04

Posts: 5,068

Website

Re: Is this a hack attempt on my TXP site?

Strange, especially those hex numbers. It won’t affect TXP though because we sanitize the id before using it.

#3 2008-04-05 15:40:53

johnnie

Member

Registered: 2007-03-10

Posts: 58

Re: Is this a hack attempt on my TXP site?

Hm… This looks like some kind of buffer overflow attempt