| VID |
210090 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server contains links to malicious javascript files. This means that the target web site has been compromised by an Internet worm, and it might infect its visitors as well. This also indicates that the infected web site is vulnerable to SQL injection attacks. Attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development.
* Note: This check checks depending on whether links to uc8010-dot-com and ucmal-dot-com are detected within web pages crawled in the target Web site.
* References:
http://isc.sans.org/diary.html?storyid=3810
http://secunia.com/advisories/28276/
http://www.frsirt.com/english/advisories/2008/0016
http://www.kb.cert.org/vuls/id/871673
http://explabs.blogspot.com/2008/01/so-this-is-kind-of-interesting.html
http://blogs.iis.net/bills/archive/2008/04/25/sql-injection-attacks-on-iis-web-servers.aspx
* Affected Platforms:
Any HTTP server Any version
Any operating system Any version |
| Recommendation |
Restore the infected web site to its original state, and audit your dynamic pages for SQL injection vulnerabilities. |
| Related URL |
CVE-2008-0098 (CVE) |
| Related URL |
27091 (SecurityFocus) |
| Related URL |
(ISS) |
|
