SQL Injections in Headers

Azareal

https://blog.cloudflare.com/the-sleepy-user-agent/
This one is kind of interesting, although not entirely unexpected or shocking.

They're trying to do a SQL Injection via the user agent header, most likely for a site that does some sort of analytics without parametrising the inputs from headers (maybe because they think Apache / Nginx magically clean them?).
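The unparametrised analytics insert described in the post above, next to a parametrised version, as an added example that is not from the thread or the linked blog. The `hits` table, the function names and the sample User-Agent value are all constructed for illustration.

```python
import sqlite3

# Constructed sample header: a User-Agent value carrying SQL syntax.
CONSTRUCTED_UA = "Mozilla/5.0', '/forged') --"


def make_db():
    # Hypothetical analytics table: one row per request.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (user_agent TEXT, path TEXT)")
    return db


def log_hit_vulnerable(db, user_agent, path):
    # Vulnerable: header text is pasted into the statement, so a quote in
    # the header ends the string literal and the rest is parsed as SQL.
    db.execute(
        "INSERT INTO hits (user_agent, path) VALUES ('"
        + user_agent + "', '" + path + "')"
    )


def log_hit_parameterised(db, user_agent, path):
    # Hardened: placeholders keep the header as data, whatever it contains.
    db.execute(
        "INSERT INTO hits (user_agent, path) VALUES (?, ?)",
        (user_agent, path),
    )


def demo():
    # Log the same request through both functions and return the stored rows.
    results = {}
    for name, log_hit in (("vulnerable", log_hit_vulnerable),
                          ("parameterised", log_hit_parameterised)):
        db = make_db()
        log_hit(db, CONSTRUCTED_UA, "/index.html")
        results[name] = db.execute(
            "SELECT user_agent, path FROM hits").fetchone()
    return results


if __name__ == "__main__":
    for name, row in demo().items():
        print(name, row)
```

In the vulnerable version the stored path comes from the header instead of the request; in the parametrised version the header is stored verbatim and the path is untouched.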
 
That was back in 2016 and I like the sleepy part of the blog
I think part of the problem here is that it's easy for people to overlook and a lot of servers don't log headers, so webmasters sometimes assume there's nothing wrong lol
 
That was back in 2016 and I like the sleepy part of the blog

I like it too. Funny how they call it that just because it's a test to see if it works. Also interesting to me that they would tell you how to do it as well haha as if waiting for someone to try and learn how.
 