Finding attack logs

From Malware Guru

Revision as of 03:05, 16 December 2008 by Crane Ku (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

SQL Injection Finder

Tool to help determine .asp pages targeted by recent SQL Injection attacks
Usage:
1. Launch SQLInjectionFinder.exe on the IIS machine where the suspected SQL Injection occurred.
2. The tool looks for the location of the IIS Logs (as it may or may not be in system32\Logfiles)
3. It then navigates through each subfolder and parses each IIS log... looking for “CAST(“ statements
4. If suspicious entries are found, CSV output files are created at the following location:

  %Systemdrive%\CSSSEC_SQLInJectFinder\DATA
Retrieved from "http://www.malwareguru.org/mediawiki/index.php/Finding_attack_logs"