[nsp-sec] Apparent distributed Oracle attack.
jose nazario
jose at arbor.net
Wed Oct 8 16:23:21 EDT 2008
Looks like ASProx/Danmec to me. Grabbing a part of your request and googling
for it yielded a lot of goodies ... Some gems:
http://blog.dkferguson.com/index.cfm/2008/9/2/CFPROCPARAM-1--SQL-injection-0
http://isc.sans.org/diary.html?storyid=4771
Also I don't think it's Oracle specific I think it's MSSQL specific.
So I *think* that's what you're looking at based on best evidence so far.
-- jose
-------------------------------------------------------------
jose nazario, ph.d. <jose at arbor.net>
security researcher, office of the CTO
Arbor Networks
v: (734) 821 1427
PGP: 0x40A7BF94
www.arbornetworks.com
-------------------------------------------------------------
More information about the nsp-security
mailing list