What is this hacker trying to do?

According to http://bytes.com/topic/mysql/answers/888849-hacker-attempt it looks like it's trying to run:

WAITFOR DELAY '00:00:15'

As others have pointed out it's not a DOS attack (as I originally stated) but merely a way to easily determine if the SQL Server is vulnerable and can be added to a list of hosts to perhaps further hack away at later on.


He is testing your server for SQL Injection, specifically this is a robust test that will work even if its Blind SQL Injection. Blind SQL Injection is when an attacker is able to execute SQL however, there isn't a viewable response. If the http request takes at least 15 seconds the attacker will know that he can execute SQL, and that your running MS-SQL. After this attack he will follow it up with a xp_cmpdshell() to infect your server.


In simpler terms he/she/it is very slick. Using the "WAITFOR DELAY..." strategy allows he/she/it to see if the server is vulnerable without logging anything. The check is being done to see what access the connectionstring user has in the db. And like @Rook said, thT WOULD LEAD TO XP_CMDSHELL() which can give the intruder access to the server and even your network.