What is this vulnerability?
Some of the 404 error logs I see on my website are obviously caused by vulnerable scanners, and in most cases I can figure out what it is scanning! (and this is mainly about sql injection)
However, I've seen a couple of magazines that I don't quite understand. You can see a sample of the requested URLs below:
http://example.com/}];this.forHtmlScript(SyntaxHighlighter.regexLib.aspScriptTags)}typeof
http://example.com/System.Web.AspNetHostingPermission,
I understand that the former is somehow trying to exploit some error in the highlighter syntax I used on the site (from http://alexgorbatchev.com ) and the latter is trying to exploit ASP.NET hosting errors.
My question is:
First of all, am I correct in assuming these logs are some kind of vulnerable scanner operation?
Also, what problem are they trying to exploit?
source to share
http://example.com/}];this.forHtmlScript(SyntaxHighlighter.regexLib.aspScriptTags)}typeof
I can tell the first line is possible with a script error, maybe you post this from javascript and see the error line, you or any other auto-translatable web program, false redirect (redirect error)
Nothing to use on this line
Oh System.Web.AspNetHostingPermission
Void looks like an exploit, it looks to me like you are trying to do a redirect somewhere and you get a throw exception inside that throw System.Web.AspNetHostingPermission
and you redirect it to this throw message which starts with thisSystem.Web.AspNetHostingPermission
Look at a similar throw message, you will see that it starts with your directory.
System.Web.AspNetHostingPermission, System, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed.
So in the end they are 99.9% bugs and don't use commands.
The last word
Check the ips that this is happening and see if its google, msn, or some other index that usually finds pages and link combinations that you don't have. Even I think the first one is an auto-translation page that is trying to highlight some text.
source to share