JMH
Banned
- Local time
- 7:41 PM
- Messages
- 6,448
More -
Tens of thousands of websites recently compromised in an injection attack, which employs some unusual obfuscation techniques, could start serving a malicious payload at any time.
Security researchers from the SANS Internet Storm Center (ISC) warn of a new SQL injection-like attack, which has compromised a significant number of websites.
The injected code is obfuscated inside the database using an unusual technique which involves calling the CAST() function twice to convert the string between different character sets.
First a variable @s is declared. Then the variable is defined by requesting a CAST on a string of hexadecimal values and finally the variable is executed.
The variable contains a second CAST command, which decodes to a hidden <iframe> element that calls a php script from a nemohuildiin.ru domain.
"This attack will try to update every varchar column in your database to append the iframe text shown. This has been a massive and successful attack," Manuel Humberto Santander Peláez, the ISC handler who investigated the compromise, writes.
Thousands of Recently Compromised Websites Waiting to Attack - - Softpedia
My Computer
At a glance
Win 7 Ultimate 64-bit. SP1.Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6...8 DDR 3 RAM. 1066MHZATI 1024 MB. DDR3. Radeon HD5650
- Computer Manufacturer/Model Number
- LAPTOP. HP Pavilion dv7-4010TX .
- OS
- Win 7 Ultimate 64-bit. SP1.
- CPU
- Intel i7 -720QM.[1.6GHz Turbo Boost 2.8GHz. 6MB Cache.]
- Memory
- 8 DDR 3 RAM. 1066MHZ
- Graphics Card(s)
- ATI 1024 MB. DDR3. Radeon HD5650
- Monitor(s) Displays
- 17.3" High Definition Brightview LCD. LED Backlit.
- Screen Resolution
- 1600 x 900.
- Hard Drives
- 640GB
- Case
- Laptop / notebook.
- Mouse
- Logitech Anywhere mouse. MX.
- Internet Speed
- ADSL [ but too slow ]
