I would like to know what's string in the end of User-Agent after Trident/5.0)
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)'%2bbenchmark(20000000%2csha1(1))--%20
0
votes
1 Answers
0
votes
That's simply an SQL injection attack. A malicious user sends this User-Agent header, hoping you store it in a (My)SQL database without proper query parameterization.
If the attack succeeds, the request will take a lot longer than without that benchmark, so the attacker will know that this vulnerability is present.
Search the web for benchmark(20000000%2csha1(1)) for more examples.
