What is this hacker trying to do?

失恋的感觉 2021-01-30 00:06

If you do a search for:

http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N

you will see a lot of

5 answers
  •  南方客 (original poster)
    2021-01-30 00:33

    WAITFOR could be used for time-based SQL Injection attack.

    Time-Based Blind SQL Injection Attacks

    Time-based techniques are often used to achieve tests when there is no other way to retrieve information from the database server. This kind of attack injects a SQL segment which contains a specific DBMS function or heavy query that generates a time delay. Depending on the time it takes to get the server response, it is possible to deduce some information. As you can guess, this type of inference approach is particularly useful for blind and deep blind SQL injection attacks.

    Time-Based Attacks Pros and Cons

    One main advantage of this technique is to have little to no impact on logs, especially when compared to error-based attacks. However, in situations where heavy queries or CPU intensive functions like MySQL's BENCHMARK() must be used, chances are good that system administrators realize something is going on.


    This vulnerability could be mitigated with a new SQL Server 2019/SQL Azure Database feature:

    Feature Restrictions (discontinued)

    One common source of SQL Server attacks is through web applications that access the database where various forms of SQL injection attacks are used to glean information about the database. Ideally, application code is developed so it does not allow for SQL injection. However, in large code-bases that include legacy and external code, one can never be sure that all cases have been addressed, so SQL injections are a fact of life that we have to protect against. The goal of feature restrictions is to prevent some forms of SQL injection from leaking information about the database, even when the SQL injection is successful.

    EXEC sp_add_feature_restriction , , 
    

    WAITFOR Feature Restriction

    A Blind SQL Injection is when an application does not provide an attacker with the results of the injected SQL or with an error message, but the attacker can infer information from the database by constructing a conditional query in which the two conditional branches take a different amount of time to execute. By comparing the response time, the attacker can know which branch was executed, and thereby learn information about the system. The simplest variant of this attack is using the WAITFOR statement to introduce the delay.

    EXEC sp_add_feature_restriction N'Waitfor', N'User', N'MyUserName'
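
The hex literal in the question's search URL decodes to the WAITFOR DELAY statement the answer above describes. The following is an added example, not part of the original question or answer, that scans URL query parameters for plain or hex-encoded delay primitives; the function names and the app.example URLs are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Delay primitives named in the answer: T-SQL WAITFOR and MySQL BENCHMARK().
DELAY_PATTERNS = re.compile(r"\bWAITFOR\s+(?:DELAY|TIME)\b|\bBENCHMARK\s*\(", re.I)
# A 0x literal of at least four whole bytes; shorter runs are usually colours or ids.
HEX_LITERAL = re.compile(r"0x((?:[0-9a-fA-F]{2}){4,})")

# The search URL quoted in the question on this page.
PAGE_URL = ("http://www.google.co.uk/search?q=0x57414954464F522044454C4159"
            "202730303A30303A313527&hl=en&start=30&sa=N")
# Constructed sample URLs (app.example is a placeholder host).
SAMPLE_URLS = [
    PAGE_URL,
    "http://app.example/item?id=1%3BWAITFOR+DELAY+%2700%3A00%3A05%27",
    "http://app.example/products?color=0xFFAA00&page=2",
]


def decode_hex_literals(value):
    """Return the text of each 0x literal in value that is printable ASCII."""
    decoded = []
    for match in HEX_LITERAL.finditer(value):
        raw = bytes.fromhex(match.group(1))
        if raw.isascii() and raw.decode("ascii").isprintable():
            decoded.append(raw.decode("ascii"))
    return decoded


def find_delay_payloads(url):
    """Return (parameter, text) pairs where the raw or hex-decoded value
    contains a time-delay primitive."""
    hits = []
    query = urlsplit(url).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        for candidate in [value] + decode_hex_literals(value):
            if DELAY_PATTERNS.search(candidate):
                hits.append((name, candidate))
    return hits


if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(find_delay_payloads(url) or "clean", "<-", url)
```

Run over web server access logs, a hit on the decoded form shows that a request carried an obfuscated delay statement even though the keyword never appears in the raw log line.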
    
