| Author |
Message |
steve_lemaster
Worker
Joined: Dec 26, 2006
Posts: 178
|
 Posted:
Mon Aug 25, 2008 8:11 pm |
|
User Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) Query String: name=News&file=article&sid=725';DECLARE @S CHAR(4000);SET @S=CAST(*load of numbers removed* AS CHAR(4000));EXEC(@S); |
_________________
The urge to save humanity is often a false front for the urge to rule.
- H.L. Mencken |
|
 
|
|
jakec
Site Admin
Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
| Posted:
Mon Aug 25, 2008 11:59 pm |
|
|
|
|
|
steve_lemaster
|
| Posted:
Tue Aug 26, 2008 8:32 am |
|
Thanks. But, you have no idea what it's like to trying to find something that you don't understand. |
| |
|
|
|
|
jakec
|
| Posted:
Tue Aug 26, 2008 10:33 am |
|
I don't really understand it myself, but a search for "declare and cast" would have found the post. There have been two other posts within the past couple of days with the same thing. |
| |
|
|
|
|
steve_lemaster
|
| Posted:
Tue Aug 26, 2008 10:40 am |
|
Thanks.
What you have to understand is that it's all new to me. I could not have possibly known what "declare and cast" means, so naurally I would not have known what to look for.
But, it appears to be fixed now. |
| |
|
|
|
|
jakec
|
| Posted:
Tue Aug 26, 2008 10:47 am |
|
I understand, I was just trying to give you a gentle nudge in the right direction. 
I'm glad you've got it working.
 |
| |
|
|
|
|
steve_lemaster
|
| Posted:
Tue Aug 26, 2008 10:50 am |
|
NP 
Can you point me to where I can learn more about this type of attack? |
| |
|
|
|
|
Gremmie
Former Moderator in Good Standing
Joined: Apr 06, 2006
Posts: 2415
Location: Iowa, USA
|
| Posted:
Tue Aug 26, 2008 11:13 am |
|
evaders99 posted a link to an explanation in the same thread that I posted the .htacess rewrite rule.
The ironic thing is that this attack is meant for a completely different system than Nuke. I love it when people just try things at random a ba-jillion times. |
_________________
Only registered users can see links on this board! Get registered or login! - An Event Calendar for PHP-Nuke
Only registered users can see links on this board! Get registered or login! - A Google Maps Nuke Module |
|
|
|
|
steve_lemaster
|
| Posted:
Tue Aug 26, 2008 11:22 am |
|
I just thank the people who wrote NukeSentinel. Glad to see my donations help.
Thanks for your patience. |
| |
|
|
|
|
sebastiaan
New Member
Joined: Apr 27, 2009
Posts: 21
Location: The Netherlands
|
| Posted:
Sat Jul 18, 2009 6:13 am |
|
when you see a agent like this (User Agent: Mozilla/4.0 ) most of the time its abot msn (bing) google als becarefull whit the googlemedia bot that bot likes the admin.php |
| |
|
 |
|
Guardian2003
Site Admin
Joined: Aug 28, 2003
Posts: 6799
Location: Ha Noi, Viet Nam
|
| Posted:
Sat Jul 18, 2009 8:55 am |
|
There should not be any open admin links for google-media to find.
Check your robots.txt is correct. It should have
/admin.php
and not
admin.php |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
