Updated from: The xiaobaishan bomb.
Ok, when I posted about the xiaobaishan bomb, apparently the site this little hackermuffin was using went blammo, so he picked a new one. We were hacked again; this is the script calling:
Tricky little fucker.
In fact, this hack is pretty well thought out. Like I said on a previous post, this was a sql injection, but our application is made to block sql injection of all kinds. What happened?
This is a Windows vulnerability. What the hacker did was attempt to run around the code and gain access to the asp.net Windows Media Player library via our /images/ folder. They found an image they liked, they ran some kind of script, and gained access to run a sql insertion script that the application itself did not allow.
UPDATE: I’ve got new info on this. It’s a pure sql injection hack.
Apparently, this is a vulnerability that Microsoft put out a patch for, and our hosting provider didn’t run it against our VPS yet.
UPDATE: Yes they did. Whoopsee.
So to protect your server against this hack, have your hosting provider run the latest updates for the vulnerability.
Right now, there are a reported 10,000 sites affected by this hack.