Nginx
up7, 2019-09-19 11:56:29

How does the left data appear in the ip field in the nginx log?

There is an SQL injection log:
123.132.123.123 - - [19/Sep/2019:04:08:47 +0200] "GET /admin/gsettings.php HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36" "';UPDATE users SET tam=1 WHERE username=\x22NameUs\x22;--,111.11.11.11"
What is in front of the IP? Before 11/11/11/11?
In other words, how is such a GET request formed? Are headers added?

1 answer(s)
Boris Syomov, 2019-09-19
@up7

It is formed simply, for example, not in a browser at all. Accordingly, you can set any headers, make any request, send any data.
That is exactly why you can never simply trust data that came from the user. None of it: no form field, no HTTP header. Everything needs to be filtered.
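
Added example (not part of the original answer): one way to spot such lines when reviewing logs, by checking that every entry in the forwarded-address field parses as an IP. It assumes the log uses nginx's stock "main" format, whose last quoted field is "$http_x_forwarded_for", and that a proxy in front appended the real client address after the comma; the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed log layout: nginx's stock "main" format, whose last quoted field is
# "$http_x_forwarded_for". nginx escapes a literal quote as \x22, so the field
# itself never contains a bare double quote.
LINE_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-) "(?P<referer>[^"]*)" '
    r'"(?P<agent>[^"]*)" "(?P<xff>[^"]*)"\s*$'
)


def split_xff(value):
    """Return (valid_ips, rejected_entries) for an X-Forwarded-For value."""
    valid, rejected = [], []
    if value in ("", "-"):
        return valid, rejected
    for entry in value.split(","):
        entry = entry.strip()
        try:
            valid.append(str(ipaddress.ip_address(entry)))
        except ValueError:
            rejected.append(entry)
    return valid, rejected


def audit_line(line):
    """Parse one access-log line; report header entries that are not IPs."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # not in the assumed format
    valid, rejected = split_xff(m.group("xff"))
    return {"remote": m.group("remote"), "request": m.group("request"),
            "valid": valid, "rejected": rejected, "suspicious": bool(rejected)}


# Constructed sample lines modelled on the one in the question.
SAMPLE = [
    '123.132.123.123 - - [19/Sep/2019:04:08:47 +0200] "GET /admin/gsettings.php HTTP/1.1" '
    '302 5 "-" "Mozilla/5.0" "\';UPDATE users SET tam=1 WHERE username=\\x22NameUs\\x22;--,111.11.11.11"',
    '198.51.100.7 - - [19/Sep/2019:04:09:02 +0200] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "203.0.113.9"',
    '198.51.100.8 - - [19/Sep/2019:04:09:05 +0200] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0" "-"',
]

if __name__ == "__main__":
    for line in SAMPLE:
        r = audit_line(line)
        print(r["remote"], "SUSPICIOUS" if r["suspicious"] else "ok", r["rejected"])
```

The same allow-list check belongs in the application before the header value is stored or used in a query; parameterized queries remain the actual defence against the injection itself.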
