Lilupop SQL injection




  • anyone hit by it?
    I feel kind of sad cause no one even tried it on our servers :(

    and why is it such a success? I thought SQL injection was so old, it wouldn't work anywhere anymore ...



  •  What the hell is lilupop?

     

    We have a URL scanner that flags suspect URLs. They don't work, of course, because we auto-sanitize that shit, but you'd be surprised how many attempts at injecting are reported. The quality of the injections ranges from the elaborate to the retarded, and both.

    Some very old sites that we got from bought clients are sometimes still vulnerable, but I think that count has dropped to 0.



  • @dhromed said:

     What the hell is lilupop?



    apparently the latest craze



    @dhromed said:
    We have a URL scanner that flags suspect URLs. They don't work, of course, because we auto-sanitize that shit, but you'd be surprised how many attempts at injecting are reported. The quality of the injections ranges from the elaborate to the retarded, and both.




    we have something similar, it mostly catches tests from acunetix or the n- thing (I can't seem to remember the name of the linux intrusion testing app) ...



  • @Nelle said:

    we have something similar, it mostly catches tests from acunetix or the n- thing (I can't seem to remember the name of the linux intrusion testing app) ...
     

    I use mod_security on Apache to filter suspicious emails, but the majority of sites I host don't tend to be coded with such schoolboy errors. Some are still exploitable (WordPress, etc.) but I patch when I can.

    Unlike this kind of URL

