Rapid7 Vulnerability & Exploit Database

Past compromise with SQL injection used to host malware

Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: 05/02/2008
Created: 07/25/2018
Added: 05/02/2008
Modified: 12/04/2013

Description

The system appears to have been compromised using SQL injection. Starting in January of 2008, more than 500,000 websites were compromised using stored or blind SQL injection vulnerabilities. The purpose of these attacks has been to inject HTML and JavaScript that uses known browser vulnerabilities in an attempt to compromise the systems of users who visit the site.

The SQL injection hack manifests itself as HTML <script> references to known malware domains, including "nmidahena.com", "aspder.com", "nihaorr1.com", and "winzipices.cn". The list of known malware hosting domains continues to grow over time, although the injection techniques remain the same.
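
A defensive check for the symptom described above, as an added example that is not part of the Rapid7 entry: it parses stored text fields and reports `<script>` tags whose `src` host is one of the four domains named here. The row locations and URL paths in `SAMPLE_ROWS` are constructed, and the function and class names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# The four domains named in this entry; the entry notes the list keeps growing.
KNOWN_MALWARE_DOMAINS = {"nmidahena.com", "aspder.com", "nihaorr1.com", "winzipices.cn"}

def blocklisted_domain(url):
    """Return the listed domain that url's host equals or is a subdomain of, else None."""
    url = url.strip()
    if "//" not in url:          # scheme-less value such as "www.host.tld/a.js"
        url = "//" + url
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:           # malformed authority, e.g. a broken IPv6 literal
        return None
    return next((d for d in KNOWN_MALWARE_DOMAINS if host == d or host.endswith("." + d)), None)

class ScriptSrcFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []           # (listed domain, raw src value)

    def handle_starttag(self, tag, attrs):   # tag and attribute names arrive lowercased
        if tag == "script":
            for name, value in attrs:
                domain = blocklisted_domain(value) if name == "src" and value else None
                if domain:
                    self.hits.append((domain, value))

def scan_fields(rows):
    """rows: iterable of (location, stored_text); returns [(location, domain, src)]."""
    findings = []
    for location, text in rows:
        finder = ScriptSrcFinder()   # fresh parser per field so state never leaks across rows
        finder.feed(text)
        finder.close()
        findings.extend((location, d, src) for d, src in finder.hits)
    return findings

# Constructed sample data: table/column names and URL paths are made up.
SAMPLE_ROWS = [
    ("products.name#17", "Blue widget<script src=http://www.nihaorr1.com/constructed.js></script>"),
    ("news.body#3", '<p>Sale</p><SCRIPT SRC="//WWW.ASPDER.COM/constructed.js"></SCRIPT>'),
    ("products.name#18", "Red widget<script src=http://www.winzipices.cn/constructed.js></scr"),  # truncated
    ("pages.html#1", '<script src="/js/app.js"></script><script src="https://aspder.com.example.org/a.js"></script>'),
]
if __name__ == "__main__":
    print(*scan_fields(SAMPLE_ROWS), sep="\n")
```

Matching on the parsed host rather than on a substring keeps lookalike hosts and file names that merely contain a listed domain from being reported.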

Solution(s)

  • spider-fix-stored-malware-sql-injection
