Hello,
I am looking for a log analyzer that I can use to narrow down errors, SQL injection and XSS (any form of attacks).
Thx in advance
demonize....you will probably get way more responses if you give us more info....like where these logs are??
Operating system, router, etc
I know that some people have all logs copied to a specific machine to then analyze??
How big are these logs???
MLF
the log file size is 22.9 mb
Part of the log:
Code:
+and+1=convert(nvarchar,CHAR(+127+))%2B(select+@@servername)
+having+1=1--
id0=0%20/*!39999%20and%201=2*/--%20and%201=1 HTTP/1.1" 200 12371 "-" "pangolin/0.1"
id0=0%20and%20(select%20length(database())%20%20)%3C=32%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E16%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E24%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E28%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E30%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20length(database())%20%20)%3E31%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3C=256%20and%201=1 HTTP/1.1"
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E128%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E192%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E224%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E240%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E248%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E252%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E254%20and%201=1 HTTP/1.1" 200
id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E255%20and%201=1 HTTP/1.1" 200
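An added example, not part of the original thread: a small Python scanner that URL-decodes access-log lines and flags the SQL injection probe patterns visible in the excerpt above. The signature names, the `SAMPLE` list and its benign fifth line are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Patterns drawn from the probes in the thread's log excerpt; not a complete rule set.
SIGNATURES = {
    "boolean-condition": re.compile(r"\b(?:and|or|having)\s+\d+\s*=\s*\d+", re.I),
    "subquery": re.compile(r"\(\s*select\b", re.I),
    "blind-extraction": re.compile(r"\b(?:ascii|substr|length)\s*\(", re.I),
    "mssql-variable": re.compile(r"@@\w+"),
    "sql-comment": re.compile(r"/\*|--(?:\s|$)"),
    "scanner-agent": re.compile(r'"pangolin/[\d.]+"', re.I),
}

def decode(line, max_rounds=3):
    """URL-decode repeatedly so %20, '+' and double-encoded probes normalise."""
    for _ in range(max_rounds):
        decoded = unquote_plus(line)
        if decoded == line:
            break
        line = decoded
    return line

def scan_line(line):
    """Return the names of all signatures matching the decoded line."""
    text = decode(line.strip())
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]

def scan(lines):
    """Return [(line_number, hits)] for flagged lines and a per-signature tally."""
    flagged, tally = [], Counter()
    for number, line in enumerate(lines, start=1):
        hits = scan_line(line)
        if hits:
            flagged.append((number, hits))
            tally.update(hits)
    return flagged, tally

# Lines 1-4 are fragments from the thread's excerpt; line 5 is a constructed benign request.
SAMPLE = [
    '+and+1=convert(nvarchar,CHAR(+127+))%2B(select+@@servername)',
    '+having+1=1--',
    'id0=0%20/*!39999%20and%201=2*/--%20and%201=1 HTTP/1.1" 200 12371 "-" "pangolin/0.1"',
    'id0=0%20and%20(select%20ascii(substr(database(),1,1))%20%20)%3E128%20and%201=1 HTTP/1.1" 200',
    'GET /index.php?id0=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    flagged, tally = scan(SAMPLE)
    print(flagged, dict(tally))
```

The long run of `ascii(substr(database(),1,1))` requests with changing thresholds shows up as repeated `blind-extraction` hits, so the tally gives a quick sense of how much of the log is automated probing.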
The tool you use will depend on the APPLICATION that is logging the events....
there are ISA, SQL, Exchange, Event, Syslog, IIS, log analyzers
using Google and being a little more specific will really help in your search.
Looks like a bot
http://www.google.com/search?q=pango...e=utf8&oe=utf8
MLF
yup. looks like pangolin. sql injection bot. skiddie stuff
It ain't a sql bot, it's a browser based bot
http://www.botsvsbrowsers.com/details/144772/index.html
Test drive it here:
http://www.botsvsbrowsers.com/Simula...ngolin%2F0%2E1
Check your directories and make sure everything is how it is supposed to be, also re-check your chmod permission settings.
WTF?
Quote:
It ain't a sql bot, it's a browser based bot
pangolin is a pen program u initiate from a GUI that runs a bunch of automated dynamic sql that attempt a sql injection hack on a variety of websites. You tell it which DBMS and point it to a bunch of websites and it attempts to compromise the dbms.
Early versions (as referenced above) also contained a backdoor that sent the logs home to China.
http://www.nosec.org/en/pangolin.html
If it walks and smells like a duck, it's a duck.
Call it what you like. :flash:
Scotty, beam me up...