Latest Injection Attack: DECLARE, SET and CAST

Discussion in 'other security issues & news' started by Tech Manager, Aug 27, 2008.

Thread Status:
Not open for further replies.
  1. Tech Manager

    Tech Manager Registered Member

    Joined:
    Jan 7, 2008
    Posts:
    61
    I have been monitoring one of the latest injection hack attempts since early July. The attack is pervasive and appears to be powered through one or several of the larger Botnets. The attack, whether successful or not is not hard to miss. It shows up as a rather lengthy piece of hexadecimal code in your server logs with the visible commands DECLARE, SET and CAST.

    Watch your server logs for something like this: :DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0×4445434C415245204054207661726368617228323535292C40432076617263686172

    I've written a brief article about the subject with the decoded injection and the js included from the originating site in China: douhunqn.cn. I also include .htaccess info for preventing the attack.

    Read the article here
     
    Tech Manager, Aug 27, 2008
    #1
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...