[nsp-sec] ACK: 2119 mass SQL injections (robint.us)
Helge Aksdal
helge.aksdal at telenor.com
Thu Jun 10 12:22:23 EDT 2010
* Dirk Stander (2010-06-10 17:20):
> ----------- nsp-security Confidential --------
>
> Hi,
>
> i'm sending this by courtesy of shadowserver.
>
> This is a list of web sites found as Referer:s in HTTP-requests to
> robint.us. This domain name has been used in some SQL injection
> attempts and has been sinkholed by the shadowserver foundation.
>
> You'll find some more information here:
> http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609
>
> Traces of the SQL injections can be found in the IIS webserver logs
> by searching for strings like:
> "dEcLaRe%20 at s%20vArChAr(8000)%20sEt%20 at s=0x6445634C6152652040742076" ....
>
> The format of the list is:
> <ASN> | <IP> | <CC> | <hits> | <domain> | <sample URL> | <AS desc>
>
> kind regards, Dirk :.
>
> 2119 | 62.92.26.166 | NO | 215 | dokkhuset.no | http://dokkhuset.no/konserter.asp | TELENOR-NEXTEL T.net
Thanks!
--
Helge Aksdal
Telenor
More information about the nsp-security
mailing list