Display results as threads.
Search this forum only. Display results as threads.
So, as it's being used a lot, I would submit my answer. In my opinion, the aim of these requests is to check the presence or absence of a sql injection.
+AND(SELECT COUNT(*) FROM (SELECT 1 UNION SELECT null UNION SELECT !1)x GROUP by CONCAT((SELECT version() FROM information_schema.tables LIMIT 0,1),FLOOR(RAND(0)*2))).
On my site, for instance, it's entirely safe to fail any request with the string 'concat' or %20union' or 'information_schema'. Indeed, I can even ban any IP that so much as bothers to attempt a request including such strings.
...UNIunionON+SELselectECT +union+distinct+select+ +union+distinctROW+select+ union+/.
You can clearly see rules containing keywords "select", "union", "all" etc.
select+co ncat(cast(table_name+as+char),0x7e)
cast bar48 sec ago.
Внедрение SQL-кода — один из распространённых способов взлома сайтов и программ, работающих с базами данных, основанный на внедрении в запрос произвольного SQL-кода.