999999.9+union+all+select+%27R3DM0V3_hvj_injection',null. 650727400945вход в рпн and (select 6922 from(select count...
Display results as threads. More... Useful Searches.
So, as it's being used a lot, I would submit my answer. In my opinion, the aim of these requests is to check the presence or absence of a sql injection.
-999.9+union+all+select+%27R3DM0V3_hvj_injection',null%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL
...site.net/lt/y.php?t=999999.9'+union+all+select+0x31303235343830303536,(select+concat(0x7e,0x27,unhex(Hex(cast(a_admin.email+as+char))),0x5e,unhex(Hex(cast(a_admin.password+as+char))),0x5e
You can clearly see rules containing keywords "select", "union", "all" etc.
The used SELECT statement, referer: http://site.com/index.php?page=shop.browse&category_id=25&option...
On my site, for instance, it's entirely safe to fail any request with the string 'concat' or %20union' or 'information_schema'. Indeed, I can even ban any IP that so much as bothers to attempt a request including such strings.
union all select id =null union all select id =1 +and+ false + union +all +select id = 9999 union all select +union+distinct+select+ +union+distinctROW+select+
-1 UNION SELECT group_concat(username, 0x3a, password) FROM admin.