Mass SQL injection on the way, targeting Microsoft IIS Web Server and Microsoft SQL Server with poorly written ASP and ASPX (.NET) code, NOT a vulnerability of these applications.
Meanwhile, blackhole these domains from your firewall: nmidahena.com, aspder.com and nihaorr1.com

related:
http://forums.iis.net/p/1148917/1868237.aspx
http://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx

thanks,
-bipin

On Mon, Apr 28, 2008 at 2:28 PM, sarose <[EMAIL PROTECTED]> wrote:
>
> hi folks,
>
> This is OT here but you guys need to be aware immediately. I am not
> sure Nepal has any security forums.
>
> 0-day attacks, mainly Injection, are widespread and some of the
> well-known hosting companies to high profile sites are under serious
> threat.
>
> It seems to me a leak in industry backed defensive measures against
> XSS / SQL Injection. Once again the mitigation for Injection
> vulnerabilities needs a serious revisit.
>
> It might be offending to post here but for the sake of awareness, I
> want you guys to alert the concerned authority and make sure they
> patched the leaks along with removing the existing injected code
> (javascript / remote code).
>
> Check (in the context of Nepalese sites):
>
> http://www.google.com/search?num=100&hl=en&q=%22%3Cscript+src-%22http%3A%2F%2Fwww.nihaorr1.com%22+nepal&btnG=Search
>
> http://www.google.com/search?num=100&hl=en&q=%22%3Cscript+src%3Dhttp%3A%2F%2Fwww.aspder.com%22+nepal&btnG=Search
>
> http://www.google.com/search?hl=en&q=%22%3Cscript+src-%22http%3A%2F%2Fwww.nmidahena.com%22&btnG=Google+Search&aq=f
>
> I have an IDS running here and I need to find out the exact payloads.
> If you have the payloads and can replay, share with me.
>
> --
> Sarose

--
FOSS Nepal mailing list: [email protected]
http://groups.google.com/group/foss-nepal
To unsubscribe, e-mail: [EMAIL PROTECTED]
Community website: http://www.fossnepal.org/
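As an added example (not code from this thread or from either poster), a small scanner a site owner could run over rendered pages or over text columns dumped from the database to find script tags that point at the three domains bipin lists; the sample HTML, the script paths and the row records are constructed for illustration.

```python
import re
from typing import Dict, Iterable, List, Tuple

# The three domains named in the thread for blackholing. Extend as needed.
INJECTED_DOMAINS = ("nmidahena.com", "aspder.com", "nihaorr1.com")

# Match <script src=...> with or without quotes around the src value, since
# the search queries above look for both forms.
SCRIPT_SRC_RE = re.compile(
    r"<script\b[^>]*\bsrc\s*=\s*['\"]?\s*(?P<src>[^'\"\s>]+)", re.IGNORECASE
)


def _host_of(src: str) -> str:
    """Strip the scheme and path from a src value and return its host (lowercase)."""
    without_scheme = re.sub(r"^[a-z]+://", "", src, flags=re.IGNORECASE)
    return without_scheme.split("/")[0].split(":")[0].lower()


def find_injected_scripts(html: str, domains=INJECTED_DOMAINS) -> List[Dict[str, str]]:
    """Return every <script src> in `html` whose host is one of `domains` or a
    subdomain of one, with the line number it was found on."""
    hits = []
    for lineno, line in enumerate(html.splitlines(), start=1):
        for m in SCRIPT_SRC_RE.finditer(line):
            src = m.group("src")
            host = _host_of(src)
            if any(host == d or host.endswith("." + d) for d in domains):
                hits.append({"line": str(lineno), "host": host, "src": src})
    return hits


def scan_rows(rows: Iterable[Tuple[str, str, str, str]]) -> List[Tuple[str, str, str, str]]:
    """Scan (table, column, row_id, text) records, e.g. from a dump of every
    text column, and return (table, column, row_id, host) for each tainted cell."""
    tainted = []
    for table, column, row_id, text in rows:
        for hit in find_injected_scripts(text):
            tainted.append((table, column, row_id, hit["host"]))
    return tainted


# Constructed sample: one clean script, two injected ones (paths are placeholders).
SAMPLE_HTML = """<html><body>
<script src="/js/site.js"></script>
<p>News text<script src=http://www.nihaorr1.com/placeholder.js></script></p>
<div><script src="http://www.aspder.com/placeholder.js"></script></div>
</body></html>"""
```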
