search
Carter Cole LinkedInCarters Twitter PageCarter Cole on Facebook Carter Coles RSS

Tuesday, March 29, 2011

The LizaMoon SQL Injection Attack

Ok so i ran into this SQL injection attack today and I wanted to throw up some info on how to clean your database, what the code probably looked like and what you need to do to protect yourself in the future... this is the little code snippet that is injected onto all the string columns in the database you can see how they use the </title> to try and jump out of the title tag (if a column is title tag) so the script would be run in the head. it also doesnt check for previos infections so you can see on some sites its strung 2 or 3 times
]]>
based on what ive seen and found Im gonna take an educated guess and say that this is a hackers spider that has been designed to look for fingerprints of exploitable code and automates the hacking. doing a google search for the string it drops you can find pages of results that have been compromised. here are some of the victims of the attack
  • http://www.cmobjects.com/default.asp?ID=09984D98CB604C0B8A69566F9145173E
  • http://www.cheerextreme.com/toast/toast.asp
  • http://www.ybm.org.il/hebrew/Article.aspx?Item=1139
and not only that there arent many people talking about it... apparently it made it to itunes at some point and other people have mentioned it on forums so who knows how many domains have been affected... ill update this soon with a removal stored procedure... i forgot the code at the office

0 remarks:

Post a Comment

Link to this post if you found it usefull

The LizaMoon SQL Injection Attack