[nsp-sec] ACK AS852 - RE: mass SQL injections (robint.us)
Chris Calvert
Chris.Calvert at telus.com
Thu Jun 10 18:52:33 EDT 2010
ACK for AS852.
Thanks Dirk
Chris
> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net [mailto:nsp-security-
> bounces at puck.nether.net] On Behalf Of Dirk Stander
> Sent: Thursday, June 10, 2010 9:21 AM
> To: nsp-security at puck.nether.net
> Subject: [nsp-sec] mass SQL injections (robint.us)
> Importance: High
>
> ----------- nsp-security Confidential --------
>
> Hi,
>
> i'm sending this by courtesy of shadowserver.
>
> This is a list of web sites found as Referer:s in HTTP-requests to
> robint.us. This domain name has been used in some SQL injection
> attempts and has been sinkholed by the shadowserver foundation.
>
> You'll find some more information here:
> http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609
>
> Traces of the SQL injections can be found in the IIS webserver logs
> by searching for strings like:
> "dEcLaRe%20 at s%20vArChAr(8000)%20sEt%20 at s=0x6445634C6152652040742076"
More information about the nsp-security
mailing list