[nsp-sec] ACK 1221 mass SQL injections (robint.us)
Saunders, D'Wayne S
DWayne.Saunders at team.telstra.com
Thu Jun 10 21:27:00 EDT 2010
ACK 1221
Thanks
----------- nsp-security Confidential --------
Hi,
i'm sending this by courtesy of shadowserver.
This is a list of web sites found as Referer:s in HTTP-requests to
robint.us. This domain name has been used in some SQL injection
attempts and has been sinkholed by the shadowserver foundation.
You'll find some more information here:
http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609
Traces of the SQL injections can be found in the IIS webserver logs
by searching for strings like:
"dEcLaRe%20 at s%20vArChAr(8000)%20sEt%20 at s=0x6445634C6152652040742076" ....
The format of the list is:
<ASN> | <IP> | <CC> | <hits> | <domain> | <sample URL> | <AS desc>
kind regards, Dirk :.
1221 | 203.55.180.130 | AU | 2 | msdsonline.com.au | http://www.msdsonline.com.au/CALTEX/msds/results.asp?SEARCH_FIELD=unleaded&SEARCH_TYPE=byProductName&LIKE_SEARCH=on&Assessment_code=&RequestString=&In_Caller=&SearchKey=&doSearch=Search | ASN-TELSTRA Telstra Pty Ltd
_______________________________________________
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20100611/05300f0f/attachment-0001.sig>
More information about the nsp-security
mailing list