NOTE: I used the 'contact us' form at IIS.net to ask for a direct email to send the info below, and they said to 'post it on the support forum'. (see at the end of this blog entry a screenshot of the email I sent to IIS.NET)
Btw, since the issue is still there (a week later), I think this is a honeypot
Here is blog entry I was writing when I found this (saved as a draft since).
This is either a funny joke, or an attack gone wrong.
When I was adding some references to my What happens when Asp.Net not installed on Windows 8 server post, I noticed something weird with one of the urls used as references
Can you spot the issue?
What about like this:
Just to confirm that something hadn't happened with my copy and paste, I went to the browser and confirmed that it was the correct URL
Note how these variation of the original URL don't work
BUT, these work:
The last ones seems to imply that there is an SQL Injection here
Now the question is where do the links with the SQL Injection payload come from?
Weirdly, it looks like they come directly from their own website!
A search for: http://www.iis.net/search?searchterm=IIS%208.0%20Using%20ASP.NET%203.5%20and%20ASP.NET%204.5
shows the SQL injection payload in there:
Same thing in Google (note the full URL in the address bar):
And sure enough, there are more cases:
Humm, this is a bit weird, since It looks like an SQL Injection, but somehow I think this is a honeypot.
But since Google doesn't return any decent hits on that
And I’m not authorized to make any ‘SQL Injection’ tests on this side, I’m going to contact the website owners and see what they say about it
Note: Email sent to IIS.NET support team (note how they never replied to my 2nd email