Author Topic: SQL Injected jscript sites  (Read 72617 times)


June 30, 2008, 08:51:04 pm
Reply #45

sowhat-x

Heh, they have been rebooted for maintenance or something:
I tried 5 minutes ago and they were down, I tried 2 minutes ago, and they were up...

June 30, 2008, 08:55:11 pm
Reply #46

MysteryFCM

hehe ya gotta love 'em
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

June 30, 2008, 09:01:50 pm
Reply #47

YanceySlide


Thanks, added the missing ones to my list.

I had been remiss in adding new entries here when I updated http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514 so several got added there that didn't show up here.  Sorry about that.
The Shadowserver Foundation

June 30, 2008, 09:06:28 pm
Reply #48

sowhat-x

Lol no problem, here's another one for you ;)
Quote
hxxp://www.maigol.cn/ri.js
Very fresh... Google returns nada for the time being, he-he...

June 30, 2008, 09:14:35 pm
Reply #49

YanceySlide

Lol no problem,here's another one for you  ;)
Quote
hxxp://www.maigol.cn/ri.js
Very fresh...google returns nada for the time being,he-he...

Added, thanks!

June 30, 2008, 09:41:16 pm
Reply #50

sowhat-x

...is it my impression, or it seems like Google got fed up with the Asprox guys,
and decided to go...the "hard" way against them, he-he... 8)

Quote
src=http://www.j8j8hei.cn/k.js
-> Now it returns only 14300 results instead of 235000...

June 30, 2008, 11:20:44 pm
Reply #51

JohnC


July 01, 2008, 04:54:02 pm
Reply #52

YanceySlide

...is it my impression,or it seems like Google got fed up with the Asprox guys,
and decided to go...the "hard" way against them,he-he... 8)

Quote
src=http://www.j8j8hei.cn/k.js
-> Now it returns only 14300 results instead of 235000...

Try querying some of the other "googles".  Like, google.co.uk or google.com.au or google.de.  I find I get different counts.  google.com has a more aggressive expiry.

Also, new domains this morning:
www.cntrl62.com
www.config73.com
www.default37.com

July 01, 2008, 05:25:37 pm
Reply #53

YanceySlide


July 01, 2008, 09:13:13 pm
Reply #54

JohnC



July 02, 2008, 08:23:25 pm
Reply #56

JohnC


July 03, 2008, 12:38:52 pm
Reply #57

YanceySlide


July 03, 2008, 07:24:58 pm
Reply #58

JohnC


July 05, 2008, 02:19:55 pm
Reply #59

sowhat-x

Quick'n'dirty list of sites and blogs that have recently posted lists of SQL injection sites,
in case we've missed any of them... some of them are frequently updated as well:
http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx
http://infosec20.blogspot.com/2008/06/asprox-sql-injection-botnet-and-iframe.html
http://s3cwatch.wordpress.com/

Ilion's blog is mentioned earlier in the thread...and ShadowServer's wiki obviously  :)