1

The last 5 search terms used on my Magento store, per my shop dashboard, have some malicious-looking strings. I was wondering if anyone had any insight on how these could affect my store. Is it possible to run malicious queries or strings through the on-site Varien search form?

This is a list of the search terms in question with the most recent first:

  • fz1' aND BeNChMaRK(2999999,Md5(NoW())) AnD '1
  • fz1'&&BeNChMaRK(2999999,mD5(NOW()))&&'1
  • fz1'&&sLEEp(3)&&'1
  • fz1' AnD sLeep(3) ANd '1
Thomas

2 Answers

2

It's someone attempting Blind SQL Injection to try and gain access to your database. Some people state Magento already has sufficient protection in place to prevent this but the general rule here would be to delete the search terms and contact your host provider for advice. They might be able to block access from the person attempting this.

David
  • Thank you, I assumed it was malicious but was wondering specifically what they were trying to do. Now to learn how to do that myself to my test store so I can better understand how to protect against it. Thank you for a starting point. – Thomas Oct 24 '14 at 16:41
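For anyone reviewing their own search-term report, the sketch below flags terms shaped like the four in the question: a quote that closes the string literal, a boolean joiner, and a time-delay function call. It is an added example, not part of the original posts and not Magento code; the function names and the benign sample terms are constructed for illustration.

```python
import re

# Time-delay SQL functions seen in the question's search terms. If the page
# took noticeably longer to answer, the sender would learn the input ran as SQL.
DELAY_CALL = re.compile(r"\b(sleep|benchmark)\s*\(\s*(\d+)", re.IGNORECASE)
# A quote that closes the string literal, followed by a boolean joiner.
BREAKOUT = re.compile(r"'\s*(and\b|or\b|&&|\|\|)", re.IGNORECASE)

# The four search terms quoted in the question.
SEARCH_TERMS = [
    "fz1' aND BeNChMaRK(2999999,Md5(NoW())) AnD '1",
    "fz1'&&BeNChMaRK(2999999,mD5(NOW()))&&'1",
    "fz1'&&sLEEp(3)&&'1",
    "fz1' AnD sLeep(3) ANd '1",
]
# Constructed benign terms that share words with the probes.
BENIGN_TERMS = ["sleep mask", "men's and women's shoes", "benchmark tool"]


def has_mixed_case(word):
    """True for casing like 'sLEEp', often used to slip past naive keyword filters."""
    return not (word.islower() or word.isupper() or word.istitle())


def classify(term):
    """Return a dict describing the probe, or None if the term looks benign."""
    call = DELAY_CALL.search(term)
    breakout = BREAKOUT.search(term)
    if not call or not breakout:
        return None
    return {
        "function": call.group(1).lower(),
        "argument": int(call.group(2)),
        "joiner": breakout.group(1).lower(),
        "case_obfuscated": has_mixed_case(call.group(1)),
    }


def scan(terms):
    """Return (term, finding) pairs for every term that classify() flags."""
    findings = ((term, classify(term)) for term in terms)
    return [(term, hit) for term, hit in findings if hit is not None]


if __name__ == "__main__":
    for term, hit in scan(SEARCH_TERMS + BENIGN_TERMS):
        print(hit["function"], hit["argument"], hit["joiner"], "<-", term)
```

A hit only shows that someone sent a probe. Whether the store is affected depends on whether the search query escapes or binds the term.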
0

That was an attempted break-in. I would say that v1.7 is secured at the search form.

Detzler