• 發布單位:TWCERT/CC
• 更新日期:2019-03-22
• 點閱次數:623

●總結: IBM xforce在GMT1月22日偵測到來自中國的SQL injection攻擊，後續在1月23日、24日又偵測到攻擊，TWCERT/CC提醒參考以下IP列表，做必要之防護作為。 ●攻擊類型：SQL Injection ●來源IP： 27[.]8.241.180 123[.]206.194.143 123[.]206.198.188 223[.]71.149.164 175[.]2.24.66 202[.]10.78.45 115[.]159.126.103 171[.]108.175.78 101[.]226.65.108 101[.]226.85.67 123[.]56.140.148 115[.]29.113.190 110[.]85.4.102 60[.]163.169.55 14[.]115.181.70 202[.]105.72.140 118[.]122.39.207 14[.]114.110.172 112[.]125.124.6 182[.]135.6.172 114[.]215.125.186 218[.]73.114.213 ●Payload event- info=URL=/TEXTBOX2.ASP,arg=action=modify&news;id=122 and 1=2 union select 1⬡2⬡admin+password⬡4⬡5⬡6⬡7 from shopxp_admin,protocol=http,field=newsid,value=122 and 1=2 union select 1⬡2⬡admin+password⬡4⬡5⬡6⬡7 from shopxp_admin ●Estimated Records leaked Unknown ●參考來源： https://exchange.xforce.ibmcloud.com/collection/Aggressive-SQL-Injection-Activity-342551c67e22ea041f8fbbc630358f19

參考連結：

https://exchange.xforce.ibmcloud.com/collection/Aggressive-SQL-Injection-Activity-342551c67e22ea041f8fbbc630358f19