another round of sql-injection attempt
218.213.77.96/a.js
Posted in sql injection on May 28, 2009 by s3cu
A recent round of sql-injected links.
3b3.org/c.js
Posted in sql injection on April 16, 2009 by s3cu
This sql-injected script src has been around for some time.
The interesting point of this script is that it behaves differently if the injected site is from “.gov.cn” or “.edu.cn”. Code as shown below:
cn0093.cn/v.js
Posted in sql injection on March 9, 2009 by s3cu
Following the previous post, a new injected script has emerged that resolves to the same IP.
v.js retrieves another iframe src www.vieio.cn/i.htm.
This exploitation kit tries to avoid detection by splitting each respective exploit into 2 files: one .htm and one .js.
tsnse.cn/i.js
Posted in sql injection on March 5, 2009 by s3cu
This sql-injected script calls iframe www.gomne.cn/yh.htm
deabak.com/z.js
Posted in sql injection on February 26, 2009 by s3cu
This is a new script that is being sql-injected.
z.js contains an iframe from www.893500.cn/2/index.htm
iwdown.com/inc/e.js
Posted in sql injection on January 22, 2009 by s3cu
This sql-injected URL contains iframes to www.advpoints.com.
Seems to be profiting through referrals rather than injecting malware.
u.winzxm.com
Posted in sql injection on January 21, 2009 by s3cu
Another sql-injected domain… this one works.
Iterating through the obfuscated JS, it finally exploits the typical set of vulnerabilities like IE7, flash, snapshot view etc.
allspaces.com/z.js
Posted in sql injection on January 19, 2009 by s3cu
This is another sql-injected URL. However, z.js does not seem to be accessible.
har5launo.com/cgi-bin/index.cgi?dx
Posted in Mebroot on January 8, 2009 by s3cu
URL contains malicious javascript which eventually links to the Mebroot trojan.
[VT results=4/38]