We caught this suspicious attempt through our custom error page.
We got Telerik from a software company who initially developed the site, but they didn't keep their software updated.
As you can see, our Telerik version is 2013.1.403.35.
Came across this article talking about gaining access to File Manager.
https://captmeelo.com/pentest/2018/08/03/pwning-with-telerik.html
In our case, it seems like it is trying to gain access to RadScriptManager1.
So we don't have an active maintenance plan. What should we do to prevent that?
Thank you
There were about 100 of them and then stopped.
https://www.yourdomain.com/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=RadScriptManager1_TSM&compress=1%25' UNION ALL SELECT NULL,NULL,NULL,NULL%23&_TSM_CombinedScripts_=;;System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken={key};Telerik.Web.UI, Version=2013.1.403.35, Culture=neutral, PublicKeyToken={key}&AspxAutoDetectCookieSupport=1
https://www.yourdomain.com/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=RadScriptManager1_TSM&compress=1) UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL%23&_TSM_CombinedScripts_=;;System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken={key};Telerik.Web.UI, Version=2013.1.403.35, Culture=neutral, PublicKeyToken={key}&AspxAutoDetectCookieSupport=1
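
A log check for the request pattern shown above, as an added example that is not part of the original post: it flags requests to Telerik.Web.UI.WebResource.axd whose compress value is not a plain number or whose parameters contain UNION ... SELECT. The function names, the constructed sample URLs and the assumption that a genuine compress value is one or two digits belong to the example, not to Telerik.

```python
import re
from urllib.parse import urlsplit, unquote_plus

HANDLER = "telerik.web.ui.webresource.axd"
# Assumption: a genuine combined-script request carries a short numeric compress value.
PLAIN_COMPRESS = re.compile(r"\d{1,2}")
UNION_SELECT = re.compile(r"\bunion\b[\s\S]*?\bselect\b", re.IGNORECASE)

# Constructed sample requests modelled on the logged URLs (host is a placeholder).
BASE = "https://www.example.com/Telerik.Web.UI.WebResource.axd?_TSM_HiddenField_=RadScriptManager1_TSM"
SAMPLES = [
    BASE + "&compress=1&_TSM_CombinedScripts_=;;System.Web.Extensions",
    BASE + "&compress=1%25' UNION ALL SELECT NULL,NULL,NULL,NULL%23"
           "&_TSM_CombinedScripts_=;;System.Web.Extensions",
    "https://www.example.com/Default.aspx?compress=abc",
]

def query_params(url):
    """Split the query on '&' only, because _TSM_CombinedScripts_ contains ';'."""
    params = {}
    for pair in urlsplit(url).query.split("&"):
        name, _, value = pair.partition("=")
        if name:
            params[name] = unquote_plus(value)  # decode %xx and '+'
    return params

def inspect_request(url):
    """Return the reasons a request looks tampered with; empty list if none."""
    if not urlsplit(url).path.lower().endswith(HANDLER):
        return []  # only the Telerik web resource handler is in scope
    reasons = []
    params = query_params(url)
    compress = params.get("compress")
    if compress is not None and not PLAIN_COMPRESS.fullmatch(compress):
        reasons.append("compress is not a plain number: %r" % compress)
    for name, value in params.items():
        if UNION_SELECT.search(value):
            reasons.append("UNION ... SELECT in parameter %s" % name)
    return reasons

def flag_requests(urls):
    """Return (url, reasons) for every request that needs a closer look."""
    return [(u, r) for u in urls for r in [inspect_request(u)] if r]

if __name__ == "__main__":
    for url, reasons in flag_requests(SAMPLES):
        print(url)
        for reason in reasons:
            print("  -", reason)
```
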