Database
Lorem Ipsum, 2020-09-03 07:41:38

SQL injection. Could you suggest what can be said about this?

I don't understand anything about SQL. But it looks like SQL injection, am I right?
If so, is it possible to tell something from these screenshots? What is the result for the "attacker"?
Is it possible to see this from the screenshots?
Screenshots will be posted in the comments.
And if it doesn't work like that and it's impossible to tell from the screenshots, then in which direction should I move? (What to google?)

[Screenshots: four images attached to the question]


2 answer(s)
DevMan, 2020-09-03
@MummersMoral

Yes, it looks like an injection.
But if it is simply saved/displayed and does NOT have a direct effect on the database, then there's not much to worry about,
apart from analyzing where this comes from and blocking it, if possible.

FanatPHP, 2020-09-03
@FanatPHP

You should be afraid not of those requests that returned 500, but of those that returned 200.
500 means that the attack failed.
What you see here is not an injection, it's an attempt, a test for an injection. Unsuccessful.
The successful ones you won't see here.
In principle, the fact that the code returns 500 is also a flaw. This means that the code is sloppy and there may potentially be an injection. Well, or not; it's hard to say without seeing the code.
Move in the direction of hiring a specialist.
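
The status-code triage described in the answer above, as an added example that is not part of the original thread: it scans access-log lines for coarse SQL injection probe markers and sorts the hits by HTTP status, so the 2xx/3xx responses are reviewed first. The log format (combined-log style), the marker regex, the bucket names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Combined-log style: ip - - [time] "METHOD path HTTP/x" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

# Coarse probe markers (assumption: tune to the application's real traffic)
PROBE_RE = re.compile(
    r"'\s*(or|and)\b|\bunion\s+(all\s+)?select\b|--(\s|$)|/\*", re.I)

def triage(lines):
    """Group probe-looking requests by what the server answered."""
    buckets = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        ip, _method, raw_path, status = m.groups()
        path = unquote_plus(raw_path)  # match on the decoded request
        if not PROBE_RE.search(path):
            continue
        if status.startswith("5"):
            # Probe broke the query: the attempt failed, but the unhandled
            # error still points at code worth auditing.
            verdict = "probe_errored"
        elif status.startswith(("2", "3")):
            # Served normally: not proof of success, but check these first.
            verdict = "review_first"
        else:
            verdict = "rejected"  # 4xx: blocked or not found
        buckets[verdict].append((ip, int(status), path))
    return dict(buckets)

# Constructed sample log (documentation IP ranges, not real traffic)
SAMPLE_LOG = """\
203.0.113.7 - - [03/Sep/2020:07:10:01 +0000] "GET /item?id=5 HTTP/1.1" 200 5120
203.0.113.7 - - [03/Sep/2020:07:10:03 +0000] "GET /item?id=5%27+OR+%271%27%3D%271 HTTP/1.1" 500 312
203.0.113.7 - - [03/Sep/2020:07:10:04 +0000] "GET /search?q=1+UNION+SELECT+NULL--+ HTTP/1.1" 200 8830
203.0.113.7 - - [03/Sep/2020:07:10:05 +0000] "GET /item?id=1%27+AND+%271%27%3D%271 HTTP/1.1" 403 0
198.51.100.4 - - [03/Sep/2020:07:11:00 +0000] "GET /search?q=o%27reilly+and+sons HTTP/1.1" 200 2210
"""

if __name__ == "__main__":
    for verdict, hits in triage(SAMPLE_LOG.splitlines()).items():
        for ip, status, path in hits:
            print(f"{verdict:14} {status} {ip} {path}")
```

A hit in `review_first` still has to be checked against the application code and database logs; the status code only sets the order of review.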
