|
Incidents
Mysterious JavaScript appearance in website database Apr 14 2008 11:03PM Glenn Gillis (glenn elaw org test-google-a com) (3 replies) Re: Mysterious JavaScript appearance in website database Apr 15 2008 07:26AM Bojan Zdrnja (bojan zdrnja gmail com) (1 replies) Re: Mysterious JavaScript appearance in website database Apr 15 2008 05:56AM Bob Cunningham (bob cdsinc com) Re: Mysterious JavaScript appearance in website database Apr 14 2008 11:53PM Jon Oberheide (jon oberheide org) (1 replies) Re: Mysterious JavaScript appearance in website database Apr 15 2008 04:49PM Yuli Stremovsky (stremovsky gmail com) |
|
|
Privacy Statement |
> Glenn,
>
> It's almost certainly an SQL injection attack that inserted the line
> of code above to all your HTML pages. These have become very common
> lately.
>
> I wrote a diary describing such an attack at
> http://isc.sans.org/diary.html?storyid=3823
>
> Cheers,
>
> Bojan
Thanks, everyone, for your informative replies. I feel a little sheepish
for not having heard of the Midhena virus prior to this, but as many
of you pointed out, that seems to have been what got us.
I wish I could update our CMS (if the vendor still supported it, instead
of having moved on to deploying Plone sites!) I do believe I know the
entry point of the SQL injection, however, and have a good backup of the
database from just prior to the attack to roll back to.
Thanks again!
--
Glenn Gillis
ELAW U.S. Information Technology Manager
Environmental Law Alliance Worldwide
P.S. Sorry for tripping everyone's email anti-virus software by
enclosing the text of the .js file in my post! G.
[ reply ]