Incidents
Mysterious JavaScript appearance in website database Apr 14 2008 11:03PM
Glenn Gillis (glenn elaw org test-google-a com) (3 replies)
Re: Mysterious JavaScript appearance in website database Apr 15 2008 07:26AM
Bojan Zdrnja (bojan zdrnja gmail com) (1 replies)
Re: Mysterious JavaScript appearance in website database Apr 15 2008 07:20PM
Glenn Gillis (glenn elaw org test-google-a com)
Bojan Zdrnja wrote, On 4/15/2008 12:26 AM:
> Glenn,
>
> It's almost certainly an SQL injection attack that inserted the line
> of code above to all your HTML pages. These have become very common
> lately.
>
> I wrote a diary describing such an attack at
> http://isc.sans.org/diary.html?storyid=3823
>
> Cheers,
>
> Bojan

Thanks, everyone, for your informative replies. I feel a little sheepish
for not having heard of the Midhena virus prior to this, but as many
of you pointed out, that seems to have been what got us.

I wish I could update our CMS (if the vendor still supported it, instead
of having moved on to deploying Plone sites!) I do believe I know the
entry point of the SQL injection, however, and have a good backup of the
database from just prior to the attack to roll back to.

Thanks again!
--
Glenn Gillis
ELAW U.S. Information Technology Manager
Environmental Law Alliance Worldwide

P.S. Sorry for tripping everyone's email anti-virus software by
enclosing the text of the .js file in my post! G.

[ reply ]
Re: Mysterious JavaScript appearance in website database Apr 15 2008 05:56AM
Bob Cunningham (bob cdsinc com)
Re: Mysterious JavaScript appearance in website database Apr 14 2008 11:53PM
Jon Oberheide (jon oberheide org) (1 replies)
Re: Mysterious JavaScript appearance in website database Apr 15 2008 04:49PM
Yuli Stremovsky (stremovsky gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus