What kind of attack is a request like this? /?gclsrc=aw.ds&gclsrc=aw.ds&%20and%201%3E1

The number of request strings like this one seems to have increased over the last weeks. They all have in common, that they contain a combination of google adwords / google adsense parameters and sql injection.

The decoded value of the request string is

/?gclsrc=aw.ds&gclsrc=aw.ds& and 1>1 

I can see

  • a duplicate gclsrc parameter
  • an sql injection attempt

… but why this combination? Is it a technique to grab adsense revenues while sqli probing?