what's this for??


The text looks like SQL statements and console commands. If it is a bot, it is not generating text for human consumption; it might be a script trying to find weaknesses in the system, though the commands don't look entirely right for that either. @dascrow do you know anything about this?
 
but...
the chat is not a console....
this is getting creepy.
maybe it is trying to gather info?
or just a bot thing that was accidentally revealed
 
I know that chat is not a console, but everything you write in the chat gets interpreted by the system and gets added to a database. Some of the simpler hacks involve writing SQL statements into user entry fields; if the server processes these as an SQL statement, then you can do a lot of different things. Hopefully security is good enough to stop those. There could be other reasons for the statements. "XOR(if(now()=sysdate(),sleep(15),0))XOR" looks like a code line of some sort to me. I am not a web developer, but this looks like some trigger after a 15 minute wait.

No matter the cause, this kind of information should not be displayed to the users. It could be some test script running.
 
that line is an attempt at blind sql injection. this one waits for a response, and the response time will vary depending on if the site is vulnerable to these types of attacks
it's something you'd do when you're looking for a site to hit
looks automated and is probably sent across a vast number of different places, nothing to worry about if the site is well protected
i can certainly find out more but i don't want to try anything without permission from an admin
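
An added example, not part of the original posts and not the forum's own code: a sketch of how a chat backend can store a string like the one quoted above as inert text by using bound parameters, while flagging it for moderators as a likely time-delay probe. It goes beyond the one quoted string by also matching delay functions from other database engines; SQLite stands in for the forum's database, and the table, function names and sample messages are assumptions constructed for illustration.

```python
import re
import sqlite3

# Constructed sample chat messages; the second is the string quoted in the thread.
SAMPLE_MESSAGES = [
    "what's this for??",
    "XOR(if(now()=sysdate(),sleep(15),0))XOR",
    "my betta likes to sleep (a lot) under the filter",
    "1' AND pg_sleep(10)--",
    "'; WAITFOR DELAY '0:0:15'--",
]

# Delay primitives commonly seen in time-based probes:
# MySQL SLEEP/BENCHMARK, PostgreSQL pg_sleep, SQL Server WAITFOR DELAY.
DELAY_PROBE = re.compile(
    r"\b(?:sleep|pg_sleep|benchmark)\s*\(\s*\d+|\bwaitfor\s+delay\b",
    re.IGNORECASE,
)


def is_delay_probe(message: str) -> bool:
    """Return True when the message contains a database delay call."""
    return DELAY_PROBE.search(message) is not None


def store_messages(messages):
    """Insert messages with bound parameters so the text is never parsed as SQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE chat (id INTEGER PRIMARY KEY, body TEXT, flagged INTEGER)")
    for body in messages:
        db.execute(
            "INSERT INTO chat (body, flagged) VALUES (?, ?)",
            (body, int(is_delay_probe(body))),
        )
    return db


def flagged_bodies(db):
    """Return the stored messages that were flagged, in insertion order."""
    rows = db.execute("SELECT body FROM chat WHERE flagged = 1 ORDER BY id")
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = store_messages(SAMPLE_MESSAGES)
    for body in flagged_bodies(db):
        print("flagged:", body)
```

The pattern match is only a triage signal for logs and moderation queues; the bound parameters in the INSERT are what keep the text from being executed.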
 
The mods have asked the admins and we are also awaiting a response.
 