#1
13 Aug 2018, 15:47
Scalemotorcars
Join Date: Mar 2006
Real name: Daniel
How do I test for SQL Injection

I just got a DB error and searched the IP it came from, and it's been reported for SQL Injection. Is there a way to test to see if they were successful?

Thanks.
__________________
ScaleMotorcars.com Large scale model building at its best. Check it out.

#2
14 Aug 2018, 18:42
Scalemotorcars
Join Date: Mar 2006
Real name: Daniel
Anyone have a clue?

#3
15 Aug 2018, 00:20
snakes1100
Join Date: Dec 2001
Real name: Anthony
What DB error did you get?

#4
15 Aug 2018, 02:19
Scalemotorcars
Join Date: Mar 2006
Real name: Daniel
I changed the DB table ID but here you go. And thanks for looking at it.

Invalid SQL:
SELECT node.nodeid AS itemid,
(node.nodeleft = 1) AS isroot, node.nodeid, node.contenttypeid, node.contentid, node.url, node.parentnode, node.styleid, node.userid,
node.layoutid, node.publishdate, node.setpublish, node.issection, parent.permissionsfrom as parentpermissions,
node.permissionsfrom, node.publicpreview, node.showtitle, node.showuser, node.showpreviewonly, node.showall,
node.showupdated, node.showviewcount, node.showpublishdate, node.settingsforboth, node.includechildren, node.editshowchildren,
node.shownav, node.hidden, node.nosearch, node.nodeleft,
info.description, info.title, info.html_title, info.viewcount, info.creationdate, info.workflowdate,
info.workflowstatus, info.workflowcheckedout, info.workflowlevelid, info.associatedthreadid,
user.username, sectionorder.displayorder, thread.replycount, parentinfo.title AS parenttitle

FROM A2Ctest_cms_node AS node
INNER JOIN A2Ctest_cms_nodeinfo AS info ON info.nodeid = node.nodeid

LEFT JOIN A2Ctest_user AS user ON user.userid = node.userid
LEFT JOIN A2Ctest_thread AS thread ON thread.threadid = info.associatedthreadid
LEFT JOIN A2Ctest_cms_sectionorder AS sectionorder ON sectionorder.sectionid = 1
AND sectionorder.nodeid = node.nodeid
LEFT JOIN A2Ctest_cms_node AS parent ON parent.nodeid = node.parentnode
LEFT JOIN A2Ctest_cms_nodeinfo AS parentinfo ON parentinfo.nodeid = parent.nodeid
INNER JOIN A2Ctest_cms_node AS rootnode
ON rootnode.nodeid = 1 AND (node.nodeleft >= rootnode.nodeleft AND node.nodeleft <= rootnode.noderight) AND node.nodeleft != rootnode.nodeleft AND node.contenttypeid <> 23 AND node.new != 1 AND ( (( (node.permissionsfrom IN (-1)) OR ( node.permissionsfrom in (1,2,5,11,45,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133 ,134,135,136,148,149,164,165,205,242,243,273,336,337,338,375,377) AND (node.parentnode IN (1,133,134,136,375,242,205,45,117,336,337,338,377) OR node.nodeid = 1) AND
node.setpublish > 0 AND node.publishdate < 1534174163 ))) OR (node.setpublish AND node.publishdate <1534174163 AND node.publicpreview > 0))AND node.hidden = 0 AND ((node.setpublish = '1' AND node.publishdate <= 1534174163 ) OR node.userid = 0)

ORDER BY node.publishdate DESC LIMIT -16, 80;

#5
15 Aug 2018, 09:39
snakes1100
Join Date: Dec 2001
Real name: Anthony
You can use these to scan for anything suspicious.


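-- Plugins whose PHP code contains calls often seen in injected code.
-- Add your table prefix to the table names if your install uses one.
SELECT title, phpcode, hookname, product
FROM plugin
WHERE phpcode LIKE '%base64%'
   OR phpcode LIKE '%exec%'
   OR phpcode LIKE '%system%'
   OR phpcode LIKE '%passthru%'  -- PHP's function is passthru(); '_' in LIKE matches exactly one character
   OR phpcode LIKE '%iframe%';

-- Same check for templates.
SELECT styleid, title, template
FROM template
WHERE template LIKE '%base64%'
   OR template LIKE '%exec%'
   OR template LIKE '%system%'
   OR template LIKE '%passthru%'
   OR template LIKE '%iframe%';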


Did you locate anything in the apache/nginx etc log related to that attempted post in the cms for that time stamp?
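
An added example (not from the thread and not vBulletin code) of the log check asked about in post #5: it pulls requests from the reported IP within ten minutes of the epoch value 1534174163 that appears in the failed query, and flags parameters that carry SQL syntax or a paging value that is not a positive integer. The IP, path, parameter names and log lines are constructed, and treating that epoch value as the request time is an assumption.

```python
import re
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit, parse_qsl

# Combined log format: ip - - [time] "METHOD target PROTO" status size ...
LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# SQL syntax that has no business inside a request parameter (triage, not proof).
SQLI = re.compile(r"(?i)'|--|/\*|\bunion\b.+\bselect\b")
PAGING = {"page", "pagenumber", "perpage"}  # assumed parameter names

# Constructed sample lines (documentation IP ranges, made-up path).
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Aug/2018:15:29:23 +0000] "GET /cms/list?page=-1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [13/Aug/2018:15:29:40 +0000] "GET /cms/list?page=1%27 HTTP/1.1" 200 9100 "-" "-"',
    '198.51.100.4 - - [13/Aug/2018:15:29:41 +0000] "GET /cms/list?page=2 HTTP/1.1" 200 9100 "-" "-"',
    '203.0.113.7 - - [13/Aug/2018:19:00:00 +0000] "GET /cms/list?page=0 HTTP/1.1" 200 512 "-" "-"',
]

def suspicious(lines, ip, epoch, window_s=600):
    """Return (time, status, target, reasons) for flagged requests from ip near epoch."""
    centre = datetime.fromtimestamp(epoch, tz=timezone.utc)
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m.group(1) != ip:
            continue
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        if abs(when - centre) > timedelta(seconds=window_s):
            continue
        reasons = []
        # parse_qsl URL-decodes values, so %27 is seen as a quote character.
        for key, value in parse_qsl(urlsplit(m.group(4)).query, keep_blank_values=True):
            if SQLI.search(value):
                reasons.append(f"SQL syntax in {key}")
            if key.lower() in PAGING and not re.fullmatch(r"[1-9]\d*", value):
                reasons.append(f"non-positive or non-numeric {key}")
        if reasons:
            hits.append((when.isoformat(), int(m.group(5)), m.group(4), reasons))
    return hits

if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG, "203.0.113.7", 1534174163):
        print(hit)
```

The status code and response size of each flagged request show how the server answered it; they narrow down what to look at next but do not by themselves prove or rule out a successful injection.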