Stupid MySQL Injection Attack

Someone exploited a hole in the version of MySQL I was running (4.1.10) this morning by sending the following malformed URL:

http://www.newestindustry.org/index.php/2005/04/
2005-04-14-13:33:16%7c-1%7c104%7c2005-04-14-13:33:04%7c151.99.208.233
%7c3%7c-1%7c0%7c-1%7c0%7c-1%7c-1%7c10%7c-1%7c7%7c7%7c
http://www.newestindustry.org/index.php/2005/04/2005-04-14-13:33:16
%7c-1%7c104%7c2005-04-14-13:33:04%7c151.99

You can try it now, but it does not cause the database to crash anymore, because I have upgraded to MySQL 4.1.11.
DOH!

Leave a Reply

Your email address will not be published. Required fields are marked *