While investigating a possible incident, a security analyst discovers the following log entries:
67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] 'GET /query.php?q-wireless%20headphones / HTTP/1.0' 200 12737
132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] 'GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0' 200 935
12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] 'GET /query.php?q=mp3%20players I HTTP/1.0' 200 14650
Which of the following should the analyst do first?

Question

While investigating a possible incident, a security analyst discovers the following log entries:

67.118.34.157 ----- [28/Jul/2022:10:26:59 -0300] 'GET /query.php?q-wireless%20headphones / HTTP/1.0' 200 12737

132.18.222.103 ----[28/Jul/2022:10:27:10 -0300] 'GET /query.php?q=123 INSERT INTO users VALUES('temp', 'pass123')# / HTTP/1.0' 200 935

12.45.101.121 ----- [28/Jul/2022:10:27:22 -0300] 'GET /query.php?q=mp3%20players I HTTP/1.0' 200 14650

Which of the following should the analyst do first?

Dario Esposito · Accepted Answer

Check the users table for new accounts

Dario Esposito · Answer

Implement a WAF

Dario Esposito · Answer

Disable the query .php script

Dario Esposito · Answer

Block brute-force attempts on temporary users

List of questions