What was this user trying to hack, and is it possible?

I accidentally got to my site today and noticed this:

String.fromCharCode(67, 79, 78, 67, 65, 84, 95, 87, 83, 40, 67, 72, 65, 82, 40, 51, 50, 44, 53, 56, 44, 51, 50, 41, 44, 117, 115, 101, 114, 40, 41, 44, 100, 97, 116, 97, 98, 97, 115, 101, 40, 41, 44, 118, 101, 114, 115, 105, 111, 110, 40, 41, 41)

Someone tried to enter a string. Confused, I looked at it and found out that I could translate it.

CONCAT_WS(CHAR(32,58,32),user(),database(),version())

What does this information show, and can you really get into the database from JavaScript?

+4
2 answers

I think it’s important to recognize that your site is likely to be attacked no matter how secure it is. That's why we are doing everything right, right? The first rule - do not panic!

Just because someone is looking at http://example.com/q=<script>alert('xss')</script> does not mean that you are vulnerable to cross-site scripting. They check if you have one.

, - ' OR 1=1--, , SQL-.

/, , , SQL-. CONCAT_WS(CHAR(32,58,32),user(),database(),version()) - SQL, , - . , , , . , , (, , ) .

, - . , - , .

, , ( ), , . , .

+2

Zachrip Marc B:

SQL- . Javascript DB, ( , ). - Zachrip

SQL-. DB , . root: mysql : 5.5.56 -

( Rocket Hazmat, CHAR(32,58,32) ' : ')

( ):

db. , ,/, . .

0
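
As an added example (not part of the original question or answers): a small Node.js helper that decodes the logged string the way the asker did, without calling eval() on untrusted input, and then resolves the inner SQL CHAR(...) call. The function names are illustrative, and the sample input is the string quoted in the question.

```javascript
// Added example: decode char-code obfuscation found in logged input, without eval().
// SAMPLE is the string quoted in the question; function names are illustrative.
const SAMPLE =
  "String.fromCharCode(67, 79, 78, 67, 65, 84, 95, 87, 83, 40, 67, 72, 65, 82, 40, 51, 50, 44, 53, 56, 44, 51, 50, 41, 44, 117, 115, 101, 114, 40, 41, 44, 100, 97, 116, 97, 98, 97, 115, 101, 40, 41, 44, 118, 101, 114, 115, 105, 111, 110, 40, 41, 41)";

const JS_CALL = /String\.fromCharCode\(([\d\s,]+)\)/gi;
const SQL_CALL = /\bCHAR\(([\d\s,]+)\)/gi;

// "67, 79, 78" -> "CON"; null if any item is not a number in 0..max.
function decodeList(list, max) {
  const items = list.split(",").map((s) => s.trim());
  if (!items.every((i) => /^\d+$/.test(i) && Number(i) <= max)) return null;
  return String.fromCharCode(...items.map(Number));
}

// Layer 1: replace each String.fromCharCode(...) call with the text it builds.
function decodeJsLayer(input) {
  return input.replace(JS_CALL, (m, list) => decodeList(list, 0xffff) ?? m);
}

// Layer 2: replace SQL CHAR(...) with a quoted literal (single-byte values only).
function decodeSqlLayer(input) {
  return input.replace(SQL_CALL, (m, list) => {
    const s = decodeList(list, 0xff);
    return s === null ? m : `'${s.replace(/'/g, "''")}'`;
  });
}

// Decode both layers and list the server-information functions the payload calls.
function analyze(input) {
  const js = decodeJsLayer(input);
  const sql = decodeSqlLayer(js);
  const lower = sql.toLowerCase();
  const probes = ["user()", "database()", "version()"].filter((f) => lower.includes(f));
  return { js, sql, probes };
}

console.log(analyze(SAMPLE));
```

Malformed calls (a trailing comma, a value out of range) are left untouched in the output rather than partially decoded.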
