| 1:29 am on Jan 11, 2010 (gmt 0)|
%22 is an URL-encoded quote mark (") - this is usually due to a malformed link.
For a list of URL-encoded characters, see here:
| 2:57 am on Jan 11, 2010 (gmt 0)|
It's not just a malformed link when it's a bot appending it to over 1,000 different pages.
| 3:41 pm on Jan 11, 2010 (gmt 0)|
In that case, it's just bad programming by the bot owner (not a surprise, they are spammers after all!) - their list of URLs was either parsed with the end quote (from reading
<a href="[b]/my-page.html"[/b]>), or they have generated a list of URLs but their regex is defective.
| 10:33 pm on Jan 11, 2010 (gmt 0)|
One second .... is there any other data with this query string?
Reason I ask is if you have a query like this
select * from table where field like "%$term"
A quote can do some serious damage.
$term = 'blah%22%20or%201=1%22';
Add those two together,
select * from table where field like "%blah" or 1=1"
And you have a basic MySQL injection that displays all records from a given table.
| 2:03 am on Jan 12, 2010 (gmt 0)|
While we've certainly been the victim of SQL injection attacks, this time they only appended those characters to the URL.
| 11:43 pm on Feb 3, 2010 (gmt 0)|
It may be sending the quote to just test your server responses... See if it is exploitable further.
| 12:02 am on Feb 4, 2010 (gmt 0)|
Encyclo's and Rocknbil's explanations are the most probable causes. If it is only the %22, then it is Encyclo's explanation; if there is a lot of other squirrelly stuff, then it is more likely to be Rocknbil's explanation.
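The triage described above (a bare %22 versus a %22 followed by other material), sketched as an access-log check. This is an added example, not code from any poster in the thread; the log lines are constructed, and /search.php with its term parameter is a hypothetical page.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Constructed sample in Apache combined log format; the addresses are
# documentation ranges and /search.php?term= is a hypothetical page.
SAMPLE_LOG = """\
203.0.113.7 - - [11/Jan/2010:01:02:03 +0000] "GET /my-page.html%22 HTTP/1.1" 404 512 "-" "bot"
203.0.113.7 - - [11/Jan/2010:01:02:04 +0000] "GET /other-page.html%22 HTTP/1.1" 404 512 "-" "bot"
198.51.100.9 - - [11/Jan/2010:02:00:00 +0000] "GET /search.php?term=blah%22%20or%201=1%22 HTTP/1.1" 200 901 "-" "bot"
192.0.2.4 - - [11/Jan/2010:03:00:00 +0000] "GET /my-page.html HTTP/1.1" 200 2048 "-" "browser"
"""

# Captures the client address and the still-encoded request target.
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*"')
QUOTES = "\"'"

def classify(raw_target):
    """Label a request target: 'clean', 'trailing-quote' or 'quote-plus-extra'."""
    target = unquote(raw_target)  # %22 -> ", %27 -> ', %20 -> space
    first = min((i for i in (target.find(q) for q in QUOTES) if i >= 0), default=-1)
    if first < 0:
        return "clean"
    # Anything other than more quotes after the first quote is "other stuff".
    return "quote-plus-extra" if target[first:].strip(QUOTES) else "trailing-quote"

def summarise(log_text):
    """Map client IP -> label -> sorted list of distinct decoded targets."""
    seen = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, raw_target = m.groups()
        label = classify(raw_target)
        if label != "clean":
            seen[ip][label].add(unquote(raw_target))
    return {ip: {k: sorted(v) for k, v in labels.items()} for ip, labels in seen.items()}

if __name__ == "__main__":
    for ip, labels in summarise(SAMPLE_LOG).items():
        for label, targets in labels.items():
            print(f"{ip}\t{label}\t{len(targets)} distinct target(s)")
```

A client with many distinct trailing-quote targets matches the bot behaviour reported earlier in the thread; either label is worth reviewing against how the application builds its queries.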
| 8:28 pm on Apr 19, 2010 (gmt 0)|
Adding a quick single or double quote to the end of a dynamic URL is the most basic way to test for SQL injection. A page like:
will throw an error if the URL loaded is as follows (if there is not sufficient input validation):
They are scanning your site for weaknesses, my friend. Keep a close eye on it would be my recommendation, and as always, fully sanitize user input.