[nsp-sec] mass SQL injections (robint.us)
Yiming Gong
yiming.gong at xo.com
Fri Jun 11 10:12:03 EDT 2010
ack
2828 | 64.245.136.150 | US | 2 | colapin-bag.com |http://www.colapin-bag.com/ | XO-AS15 - XO Communications
Sanitized info sent to our abuse team, thanks
Yiming
On 06/10/2010 10:20 AM, Dirk Stander wrote:
> ----------- nsp-security Confidential --------
>
> Hi,
>
> i'm sending this by courtesy of shadowserver.
>
> This is a list of web sites found as Referer:s in HTTP-requests to
> robint.us. This domain name has been used in some SQL injection
> attempts and has been sinkholed by the shadowserver foundation.
>
> You'll find some more information here:
> http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20100609
>
> Traces of the SQL injections can be found in the IIS webserver logs
> by searching for strings like:
> "dEcLaRe%20 at s%20vArChAr(8000)%20sEt%20 at s=0x6445634C6152652040742076" ....
>
> The format of the list is:
> <ASN> |<IP> |<CC> |<hits> |<domain> |<sample URL> |<AS desc>
>
> kind regards, Dirk :.
>
More information about the nsp-security
mailing list