DDMAL / CantusDB

A new site for Cantus Database running under Django.
https://cantusdatabase.org
MIT License

Some questionable query parameters appearing in our traffic #1230

Closed jacobdgm closed 9 months ago

jacobdgm commented 10 months ago

Discovered while looking into some brief downtime the Production site experienced around midday today:

154.40.38.166 - - [18/Dec/2023:16:42:52 +0000] "GET /searchms/123687?cantus_id=1&feast=1&genre=124&keyword=0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z&melodies=true&mode=1&office=4166&op=contains&position=1 HTTP/1.1" 200 32296 "https://cantusdatabase.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"
154.40.38.166 - - [18/Dec/2023:16:42:52 +0000] "GET /searchms/123680?cantus_id=1&feast=1&genre=122&keyword=the&melodies=true&mode=1&office=4485&op=contains&position=-1%20OR%202%2B536-536-1=0%2B0%2B0%2B1 HTTP/1.1" 200 32279 "https://cantusdatabase.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"
154.40.38.166 - - [18/Dec/2023:16:42:52 +0000] "GET /searchms/123686?cantus_id=1&feast=1&genre=124&keyword=0\x22XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR\x22Z&melodies=true&mode=1&office=4166&op=contains&position=1 HTTP/1.1" 200 32319 "https://cantusdatabase.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"

There's no sign that anything has gone wrong, as far as I can tell, but is there any possibility we need to be worried that people are sending us query parameters along the lines of &keyword=0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z?

jacobdgm commented 10 months ago

There's a bunch of similar-ish requests from this same IP address. It seems to be going through each of our pages that accept query parameters and systematically adding a SQL-injection sort of thing to each parameter in turn.

annamorphism commented 10 months ago

From what I can tell, this seems to be a reasonably common bot approach to test whether a blind SQL injection would be likely to work or not; if it didn't get the response it was looking for, it probably won't come back.
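The probing pattern this thread describes (one blind-SQLi payload dropped into each query parameter in turn, in time-based and boolean shapes) can be flagged straight from the access log. The script below is an added example and is not CantusDB project code: it parses combined-format access log lines (the three quoted in the issue plus one constructed benign request), undoes nginx's `\xHH` escaping, URL-decodes every query parameter, matches each decoded value against a small signature table, and then counts which parameters each source IP targeted. The `PROBE_PATTERNS` table is my own assumption about common scanner payload shapes, not an exhaustive list.

```python
"""Flag SQL-injection probe attempts in combined-format (nginx/Apache) access logs.

Added example, not CantusDB project code. The first three log lines are the
ones quoted in the issue; the fourth is a constructed benign request. The
PROBE_PATTERNS table is an assumption about common scanner payload shapes.
"""
import re
from collections import defaultdict
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Combined log format: ip ident user [time] "method target proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Probe signatures (assumed, not exhaustive). Values are matched after URL decoding.
PROBE_PATTERNS = {
    "time-based (sleep/benchmark)": re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\s*\(", re.I),
    "boolean arithmetic tautology": re.compile(r"\b(or|and)\b\s+[\d\s+\-*/]+=\s*[\d\s+\-*/]+", re.I),
    "quote-closing boolean operator": re.compile(r"""['"]\s*(xor|or|and)\b""", re.I),
    "now()=sysdate() equality probe": re.compile(r"now\(\)\s*=\s*sysdate\(\)", re.I),
}

SAMPLE_LOG_LINES = [
    # Three lines quoted in the issue above
    r'''154.40.38.166 - - [18/Dec/2023:16:42:52 +0000] "GET /searchms/123687?cantus_id=1&feast=1&genre=124&keyword=0'XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR'Z&melodies=true&mode=1&office=4166&op=contains&position=1 HTTP/1.1" 200 32296 "https://cantusdatabase.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"''',
    r'''154.40.38.166 - - [18/Dec/2023:16:42:52 +0000] "GET /searchms/123680?cantus_id=1&feast=1&genre=122&keyword=the&melodies=true&mode=1&office=4485&op=contains&position=-1%20OR%202%2B536-536-1=0%2B0%2B0%2B1 HTTP/1.1" 200 32279 "https://cantusdatabase.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"''',
    r'''154.40.38.166 - - [18/Dec/2023:16:42:52 +0000] "GET /searchms/123686?cantus_id=1&feast=1&genre=124&keyword=0\x22XOR(if(now()=sysdate()%2Csleep(15)%2C0))XOR\x22Z&melodies=true&mode=1&office=4166&op=contains&position=1 HTTP/1.1" 200 32319 "https://cantusdatabase.org/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/109.0.0.0 Safari/537.36" "-"''',
    # Constructed benign request for comparison (not from the issue)
    r'''203.0.113.5 - - [18/Dec/2023:16:45:10 +0000] "GET /searchms/123687?keyword=alleluia&op=contains&position=1 HTTP/1.1" 200 31000 "https://cantusdatabase.org/" "Mozilla/5.0" "-"''',
]


def nginx_unescape(s: str) -> str:
    """Undo nginx's \\xHH escaping of the logged request line (e.g. \\x22 -> ")."""
    return re.sub(r"\\x([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), s)


def parse_line(line: str) -> Optional[dict]:
    """Split one access-log line into its fields plus the decoded query parameters."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(nginx_unescape(rec["target"]))
    rec["path"] = parts.path
    # parse_qsl percent-decodes values; keep_blank_values keeps empty parameters visible
    rec["params"] = parse_qsl(parts.query, keep_blank_values=True)
    return rec


def find_probes(lines):
    """Return one record per query parameter whose decoded value matches a probe signature."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        for name, value in rec["params"]:
            categories = tuple(c for c, pat in PROBE_PATTERNS.items() if pat.search(value))
            if categories:
                hits.append({"ip": rec["ip"], "time": rec["time"], "path": rec["path"],
                             "param": name, "value": value, "categories": categories})
    return hits


def summarize_by_ip(hits):
    """Count, per source IP, how many times each parameter name carried a probe payload."""
    summary = defaultdict(lambda: defaultdict(int))
    for h in hits:
        summary[h["ip"]][h["param"]] += 1
    return {ip: dict(params) for ip, params in summary.items()}


if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG_LINES)
    for h in found:
        print(f'{h["ip"]} {h["path"]} param={h["param"]!r} -> {", ".join(h["categories"])}')
    print(summarize_by_ip(found))
```

Running it reports the `keyword` parameter on two requests and `position` on the third, all from 154.40.38.166, and nothing for the constructed benign line. Because the values are matched after URL decoding, the `%2C`/`%20`/`%2B` encoding in the raw log does not hide the payload shape, and the per-IP summary makes the "one parameter at a time" sweep jacobdgm noticed visible at a glance.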