pageoneresults - 10:40 am on May 27, 2008 (gmt 0)

andy1, I'm going to let someone with a bit more experience jump in on the topic. That is about as far as I can take it without getting "others" involved. I have an old client site that got hit. Its one of those "information sites" that gets updated once every year or so. Pretty much a trouble free third party host too. And then the sql injection attack. That's how I became aware of it and what was done to address it. I believe the pages are being rebuilt to remove any further risks. Again, it all goes back to the original programming of the page and how the sql statements are constructed. I have a sneaky suspicion that I'm "only partially correct" in this particular instance and that is why I need to bow out now gracefully before I get in too deep. ;)

I'd like to send out a plea to all Webmasters to double check your website installations. This is a rather nasty hack and the payload is a bit unfriendly. A landing page with multiple <iframes> each one doing something different to the user. Scary stuff.

For those of you on Windows, I'll bet some of you have a big gaping hole in some of your asp pages and don't even know it. Check your sql records for the .js scripts. It is truly viral.