Tag: security

Another malware exfil attempt

So a client site was under an attack. There were many many attempts to inject SQL like the following into an innocuous statement: (SELECT (CASE WHEN (ORD(MID((SELECT IFNULL(CAST(table_name AS NCHAR),0x20) FROM INFORMATION_SCHEMA.TABLES WHERE table_schema=0x616f6b6865616c7468 LIMIT 42,1),23,1))>114) THEN 1 ELSE (SELECT 3246 UNION SELECT 9107) END)) In essence it’s for stepping through tables of a target…
Read more

2022-03-08 0

Thanks a lot, log4j

So recently the world exploded with log4j drama. CVE-2021-4228 (Severity 10.0/10), CVE 2021-45105 (9.0) and CVE-2021-45105 again (7.5). Seems now that many eyes are on the old library lots of vulnerabilities are being found. The first vulnerability was bad – really really bad. The only mitigating factor was praying you didn’t use the library in…
Read more

2021-12-19 0