MS06-044 XSS exploits in the wild

["Moyer, Shawn - St. Louis, MO" <shawn.moyer () stl usda gov>]

We have seen a number of XSS exploit attempts with MS06-044 payloads in
the past few days. Several are using the site below to load payloads.
The attackers appear to be compromising small ecommerce sites via SQL
injection vulns and then loading the XSS from there.

The code is hosted on the site below, and loads payloads for IE /
MS06-044 and Firefox 1.5.4 and 1.0.4. 

http://ijk.cc./E/



-- shawn

Shawn Moyer, CISSP CCNA CNIE
OCIO :: ITS :: Operations Security
1520 Market Street (FC-432B) 
Saint Louis, MO, 63103