Latest Injection Attack: DECLARE, SET and CAST

Discussion in 'other security issues & news' started by Tech Manager, Aug 27, 2008.

Thread Status:
Not open for further replies.
  1. Tech Manager

    Tech Manager Registered Member

    Jan 7, 2008
    I have been monitoring one of the latest injection hack attempts since early July. The attack is pervasive and appears to be powered through one or several of the larger Botnets. The attack, whether successful or not is not hard to miss. It shows up as a rather lengthy piece of hexadecimal code in your server logs with the visible commands DECLARE, SET and CAST.

    Watch your server logs for something like this: :DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0×4445434C415245204054207661726368617228323535292C40432076617263686172

    I've written a brief article about the subject with the decoded injection and the js included from the originating site in China: I also include .htaccess info for preventing the attack.

    Read the article here
Thread Status:
Not open for further replies.