[nsp-sec] ACK 174 RE: mass SQL injections (robint.us)
Shelton, Steve
sshelton at Cogentco.com
Thu Jun 10 11:38:18 EDT 2010
Dirk,
Thanks!
Steve Shelton
Security Engineer
Cogent Communications
-----Original Message-----
From: nsp-security-bounces at puck.nether.net
[mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Dirk Stander
Sent: Thursday, June 10, 2010 11:21 AM
To: nsp-security at puck.nether.net
Subject: [nsp-sec] mass SQL injections (robint.us)
----------- nsp-security Confidential --------
Hi,
i'm sending this by courtesy of shadowserver.
This is a list of web sites found as Referer:s in HTTP-requests to
robint.us. This domain name has been used in some SQL injection
attempts and has been sinkholed by the shadowserver foundation.
You'll find some more information here:
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609
Traces of the SQL injections can be found in the IIS webserver logs
by searching for strings like:
"dEcLaRe%20 at s%20vArChAr(8000)%20sEt%20 at s=0x6445634C6152652040742076"
....
The format of the list is:
<ASN> | <IP> | <CC> | <hits> | <domain> | <sample URL> | <AS desc>
174 | 80.245.39.31 | EU | 407 | 2xmoinscher.com |
http://www.2xmoinscher.com/CD/detail.asp?id=360884 | COGENT Cogent/PSI
174 | 80.245.39.21 | EU | 291 | admin.2xmoinscher.com |
http://admin.2xmoinscher.com/admin/intranet.asp | COGENT Cogent/PSI
174 | 80.245.39.34 | EU | 4 | achatvente.3suisses.fr |
http://achatvente.3suisses.fr/CD/detail.asp?id=56482 | COGENT Cogent/PSI
174 | 80.245.39.34 | EU | 2 | bonbiz.net |
http://www.bonbiz.net/cd-musique/Mister-mystere-d1168281.html | COGENT
Cogent/PSI
_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security
Please do not Forward, CC, or BCC this E-mail outside of the
nsp-security
community. Confidentiality is essential for effective Internet security
counter-measures.
_______________________________________________
More information about the nsp-security
mailing list