Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - Have you seen this? InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Have you seen this?

Published: 2011-04-09
Last Updated: 2011-04-09 13:22:48 UTC
by Chris Carboni (Version: 1)
10 comment(s)

Steve writes,

"I can't put all the pieces together, but there's a malicious scheme afoot involving SQL insertion attempts and search engine optimization, I think.  Seeing logs with an insertion attempt for 0x31303235343830303536 (or "1025480056"), I googled the translated value.  There are a ton of hits on "1025480056" which include the SQL insertion attack in the link that Google presents.  Is this a magic number for Oracle, mysql or MS SQL?  Clearly evil, I'm not sure why, though."

Have you seen this before?  Do you have any idea what it is?  if so, please leave your comments.

Christopher Carboni - Handler On Duty

Keywords:
10 comment(s)
Diary Archives