Select Page

Updated from: The xiaobaishan bomb.

Ok, when I posted about the xiaobaishan bomb, apparently the site this little hackermuffin was using went blammo, so he picked a new one. We where hacked againg, this the script calling:

<script src=></script>

Tricky little fucker.

In fact, this hack is pretty well thought out. Like I said on a previous post, this was a sql injection, but our application is made to block sql injection of all kinds. What happened?

This is a Windows vulnerability. What the hacker did was attempt to run around the code and gain access to the Windows Media Player library via our /images/ folder. They found an image they liked, They ran a some kind of script, and gained access to run a sql insertion script that the application itself did not allow.

UPDATE: I’ve got new info on this. It’s a pure sql injection hack.

Sneaky fucker.

Apparently, this a vulnerability that Microsoft put out a patch to, and our hosting provider didn’t run it against our VPS yet.

UPDATE:  Yes they did.  Whoopsee.

So to protect your server against this hack, have your hosting provider run the latest updates for the vulnerability.

Right now, there is a reported 10,000 sites affected by this hack.