Highlighted

Fuzzing? Or something sinister?

LEGEND ,
Mar 22, 2017

Copy link to clipboard

Copied

Hello, all,

It has recently been brought to my attention that someone in Germany has been trying some pretty weird things with our public-facing website, and I'm inclined to believe that these actors are just trying to fuzz our servers.  Pen testing in the wild, so to speak.

But then there's that paranoid part of me that is thinking this could be something else, something malicious.

This/these person(s) are flooding our web servers with GET requests that are odd:

GET/60,83,84,89,76,69,62,108,105,32,123,108,105,115,116,45,115,116,121,108,101,45,105,109,97,103,101,58,32,117,114,108,40,34,106,97,118,97,115,99,114,105,112,116,58,106,97,118,97,115,99,114,105,112,116,58,56,55,56,48,53,52,97,101,48,100,52,54,54,52,100,53,53,98,48,101,49,98,55,50,53,98,51,48,101,57,50,57,34,41,59,125,60,47,83,84,89,76,69,62,60,85,76,62,60,76,73,62,88 HTTP/1.1

Someone here managed to decode this:

<STYLE>li {list-style-image:url("javascript:javascript:878054ae0d4664d55b0e1b725b30e929");}</STYLE><UL><LI>

Now, I've never seen "javascript:javascript:{random string}", before.  Is this an attempt to inject code into our website???  Or is this a part of a fuzzing technique?  Something worse??  Something weak a script-kiddie would use?

V/r,

^_^

Views

343

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Fuzzing? Or something sinister?

LEGEND ,
Mar 22, 2017

Copy link to clipboard

Copied

Hello, all,

It has recently been brought to my attention that someone in Germany has been trying some pretty weird things with our public-facing website, and I'm inclined to believe that these actors are just trying to fuzz our servers.  Pen testing in the wild, so to speak.

But then there's that paranoid part of me that is thinking this could be something else, something malicious.

This/these person(s) are flooding our web servers with GET requests that are odd:

GET/60,83,84,89,76,69,62,108,105,32,123,108,105,115,116,45,115,116,121,108,101,45,105,109,97,103,101,58,32,117,114,108,40,34,106,97,118,97,115,99,114,105,112,116,58,106,97,118,97,115,99,114,105,112,116,58,56,55,56,48,53,52,97,101,48,100,52,54,54,52,100,53,53,98,48,101,49,98,55,50,53,98,51,48,101,57,50,57,34,41,59,125,60,47,83,84,89,76,69,62,60,85,76,62,60,76,73,62,88 HTTP/1.1

Someone here managed to decode this:

<STYLE>li {list-style-image:url("javascript:javascript:878054ae0d4664d55b0e1b725b30e929");}</STYLE><UL><LI>

Now, I've never seen "javascript:javascript:{random string}", before.  Is this an attempt to inject code into our website???  Or is this a part of a fuzzing technique?  Something worse??  Something weak a script-kiddie would use?

V/r,

^_^

Views

344

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Mar 22, 2017 0
Advocate ,
Mar 22, 2017

Copy link to clipboard

Copied

I've never heard the phrase fuzzing but it could be sinister or accidental, but definitely a scan of some sort. Here, we treat everything as hostile until we determine otherwise -- but we deal with payments so we tend to be very protective, bordering paranoid.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 22, 2017 0
LEGEND ,
Mar 22, 2017

Copy link to clipboard

Copied

Hi, Steve Sommers​,

https://forums.adobe.com/people/Steve+Sommers  wrote

but we deal with payments so we tend to be very protective, bordering paranoid.

I know how that goes.  I'm working for USG DoD, and paranoia is the M.O., here.

"Fuzzing" is a black hat method of automated probing for security vulnerabilities using malformed data injection.

V/r,

^_^

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Mar 22, 2017 0