Author Topic: SQL Injected jscript sites  (Read 70256 times)

0 Members and 1 Guest are viewing this topic.

June 08, 2008, 12:34:52 am
Reply #30

pcaccent

  • Special Access
  • Sr. Member

  • Offline
  • *

  • 190
<script src=hxxp://www.advertbnr.com/b.js></script>
<script src=hxxp://www.bannerupd.com/b.js></script>
<script src=hxxp://www.cookieadw.com/b.js></script>
<script src=hxxp://www.en-us18.com/b.js></script>
<script src=hxxp://www.refer68.com/b.js></script>

June 08, 2008, 07:54:11 pm
Reply #31

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

June 11, 2008, 06:25:45 pm
Reply #32

YanceySlide

  • Jr. Member

  • Offline
  • **

  • 31
    • The Shadowserver Foundation
Added:

hxxp://www.bigadnet.com
hxxp://www.fengnima.cn
hxxp://www.adsitelo.com
hxxp://www.advabnr.com
hxxp://www.qiqicc.cn

As a reminder, the full list I'm maintaining is at:
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514
The Shadowserver Foundation

June 11, 2008, 06:45:17 pm
Reply #33

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964
Thank you YanceySlide.

June 14, 2008, 05:06:55 am
Reply #34

pcaccent

  • Special Access
  • Sr. Member

  • Offline
  • *

  • 190
hxxp://www.jetadwor.com/b.js

June 14, 2008, 06:48:02 pm
Reply #35

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

June 18, 2008, 01:33:22 am
Reply #36

sowhat-x

  • Guest
Google for:
Quote
iframe src=http://www.oiok01.net/s1.htm?

June 27, 2008, 05:55:12 am
Reply #37

sowhat-x

  • Guest
Quote
src=http://www.clsiduser.com/b.js
src=http://www.domaincld.com/b.js
src=http://www.updatead.com/b.js

And the following ones...which in contrast with the above,
either they've just started injecting around,or they're older failed attempts...
Quote
src=http://www.app52.com/b.js
src=http://www.asp707.com/b.js
src=http://www.aspx49.com/b.js
src=http://www.aspssl63.com/b.js

Have a nice day...  :-*

June 27, 2008, 12:49:37 pm
Reply #38

YanceySlide

  • Jr. Member

  • Offline
  • **

  • 31
    • The Shadowserver Foundation
Sorry, I haven't been updating this thread like I meant to. :(

The following are new as of today:
hxxp://www.adwste.mobi
hxxp://www.bnrupdate.mobi
hxxp://www.adupd.mobi

They're not yet being injected, but they are Danmec/Asprox domains.
The Shadowserver Foundation

June 27, 2008, 05:06:59 pm
Reply #39

YanceySlide

  • Jr. Member

  • Offline
  • **

  • 31
    • The Shadowserver Foundation
Four more:
hxxp://www.adwsupp.com
hxxp://www.hdadwcd.com
hxxp://www.kadport.com
hxxp://www.suppadw.com
The Shadowserver Foundation

June 27, 2008, 10:54:08 pm
Reply #40

JohnC

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1964

June 30, 2008, 05:21:42 pm
Reply #41

YanceySlide

  • Jr. Member

  • Offline
  • **

  • 31
    • The Shadowserver Foundation
New:
hxxp://www.web923.com
The Shadowserver Foundation

June 30, 2008, 06:51:57 pm
Reply #42

YanceySlide

  • Jr. Member

  • Offline
  • **

  • 31
    • The Shadowserver Foundation
Four more:
hxxp://www.csl24.com
hxxp://www.get49.net
hxxp://www.pid72.com
hxxp://www.pid76.net
The Shadowserver Foundation

June 30, 2008, 08:24:52 pm
Reply #43

sowhat-x

  • Guest
Quote
src=http://www.j8j8hei.cn/k.js -> 235000 sites injected...

The following ones haven't been injected that much yet...
Quote
src=http://www.qq117cc.cn/k.js
src=http://www.qq117cc.cn/ri.js
src=http://www.batch29.com/b.js
src=http://www.dl251.com/b.js
src=http://www.supbnr.com/b.js
src=http://www.hlpgetw.com/b.js
src=http://www.rid34.com/b.js

And the following to be blocked as well...
Quote
hxxp://www.bdsae.org.cn/bdsae/aa.htm?11
hxxp://www.qq117cc.cn/456.htm
hxxp://www.qq117cc.cn/dj.htm
hxxp://bnrupdate.mobi/cgi-bin/index.cgi?ad
hxxp://pid76.net/cgi-bin/index.cgi?ad
hxxp://hdadwcd.com/cgi-bin/index.cgi?ad
hxxp://adupd.mobi/cgi-bin/index.cgi?ad

June 30, 2008, 08:44:46 pm
Reply #44

MysteryFCM

  • Administrator
  • Hero Member

  • Offline
  • *****

  • 1693
  • Personal Text
    Phishing Phanatic
    • I.T. Mate
The following aren't resolving for me atm?

Code: [Select]
Error 9001 - Can't resolve host j8j8hei.cn
Error 9001 - Can't resolve host www.j8j8hei.cn
Error 9001 - Can't resolve host qq117cc.cn
Error 9001 - Can't resolve host www.qq117cc.cn
Error 9001 - Can't resolve host qq117cc.cn
Error 9001 - Can't resolve host www.qq117cc.cn
Error 9001 - Can't resolve host bdsae.org.cn
Error 9001 - Can't resolve host www.bdsae.org.cn
Error 9001 - Can't resolve host qq117cc.cn
Error 9001 - Can't resolve host www.qq117cc.cn
Error 9001 - Can't resolve host qq117cc.cn
Error 9001 - Can't resolve host www.qq117cc.cn
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net