2 Replies Latest reply on Mar 22, 2017 1:25 PM by WolfShade

    Fuzzing?  Or something sinister?

    WolfShade Level 4

      Hello, all,

       

      It has recently been brought to my attention that someone in Germany has been trying some pretty weird things with our public-facing website, and I'm inclined to believe that these actors are just trying to fuzz our servers.  Pen testing in the wild, so to speak.

       

      But then there's that paranoid part of me that is thinking this could be something else, something malicious.

       

      This/these person(s) are flooding our web servers with GET requests that are odd:

       

       

       

      GET/60,83,84,89,76,69,62,108,105,32,123,108,105,115,116,45,115,116,121,108,101,45,105,109,97,103,101,58,32,117,114,108,40,34,106,97,118,97,115,99,114,105,112,116,58,106,97,118,97,115,99,114,105,112,116,58,56,55,56,48,53,52,97,101,48,100,52,54,54,52,100,53,53,98,48,101,49,98,55,50,53,98,51,48,101,57,50,57,34,41,59,125,60,47,83,84,89,76,69,62,60,85,76,62,60,76,73,62,88 HTTP/1.1

       

      Someone here managed to decode this:

       

       

      <STYLE>li {list-style-image:url("javascript:javascript:878054ae0d4664d55b0e1b725b30e929");}</STYLE><UL><LI>

       

      Now, I've never seen "javascript:javascript:{random string}", before.  Is this an attempt to inject code into our website???  Or is this a part of a fuzzing technique?  Something worse??  Something weak a script-kiddie would use?

       

      V/r,

       

      ^_^