0 Replies Latest reply on Jan 18, 2017 6:45 AM by WolfShade

    Hack attempt using sleep()???

    WolfShade Level 4

      Hello, all,

       

      I'm just curious if anyone else has had any hack attempts on their webserver using sleep() as part of an injection attempt?

       

      Someone in network security, here, forwarded sections of a log that show someone attempted, for an hour and a half, to slip the sleep() command in as a URL parameter, and they even tried to add bogus CFID and CFTOKEN URL parameters (I'm assuming as an attempt at session hijacking??)

       

      Has anyone else seen anything like this?

       

       

       

      ?CFID=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22*/&CFTOKEN=362d01e1fdb64cf4-D83FE818-9EA2-F4A4-388891E61E6CC13F%0A

       

       

      ?CFID=16331257&CFTOKEN=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22

       

       

      ?mp=home&ms=SLEEP(15)+/*'+or+SLEEP(15)+or+'%22+or+SLEEP(15)+or+%22*/&mt=vision%0A