SQL Injections in Headers

Azareal

Paragon
Dec 18, 2010
1,746
354
130
Mars
gosora-project.com
FP$
4,498
https://blog.cloudflare.com/the-sleepy-user-agent/
This one is kind of interesting, although not entirely unexpected or shocking.

They're trying to do a SQL Injection via the user agent header, most likely for a site that does some sort of analytics without parametrising the inputs from headers (maybe because they think Apache / Nginx magically clean them?).
 

TopSilver

Acquaintance
Mar 16, 2019
47
23
10
28
www.mindpiff.com
FP$
182
That was back 2016 and I like the sleepy part blog
I like it too. Funny how they call it that just because it's a test to see if it works. Also interesting to me that they would tell you how to do it as well haha as if waiting for someone to try and learn how.