SQL Injection attempt hidden in email
I found this email in my junk mail box this morning and moved it to the Inbox to see the different formatting in the email. The first example is a screenshot of the email in my Inbox:
Shown below is the same message in my junk email box:
Hidden in the ‘story’ text is SQL injection code. If a website or webmail system accepts scripts or code, then the code hidden in this text can potentially execute if the Admin password is blank or ‘Admin’. The script can then take possession of the root of the machine, compromising the security of the machine, removing data, accessing databases or turning the server into something that could be remotely compromised.
Fortunately, my hosted Exchange server recognised the attack and dumped the email into my junk email folder, displaying the text which had been hidden in the top message.
If your website has been compromised, you should report it – and be aware of how injection attacks work – to make sure you keep your website safe…
Something to watch out for
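For mail administrators who want to surface hidden text the way the junk folder view did, here is an added example (not part of the original post) that lists text an HTML body hides with inline styles and flags any that looks like SQL. The style list, the SQL patterns and the sample message are assumptions constructed for illustration; the post does not say how its text was hidden.

```python
import re
from html.parser import HTMLParser

# Inline styles commonly used to hide text from the reader (assumed list, not from the post).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?![.\d])|"
    r"(?<![-\w])color\s*:\s*(?:#fff(?:fff)?\b|white\b)", re.I)
# Coarse SQL-looking patterns: a triage hint for a human reviewer, not a verdict.
SQL_HINT = re.compile(
    r"\bunion\s+select\b|\bdrop\s+table\b|\bor\s+1\s*=\s*1\b|;\s*--|\bxp_cmdshell\b", re.I)
VOID = {"br", "img", "hr", "meta", "link", "input"}  # tags with no closing tag

class HiddenText(HTMLParser):
    def __init__(self):
        super().__init__()
        self.stack = []   # one bool per open element: is it, or an ancestor, hidden?
        self.hidden = []  # text runs the reader would not see

    def handle_starttag(self, tag, attrs):
        if tag in VOID:
            return
        style = dict(attrs).get("style") or ""
        inherited = bool(self.stack and self.stack[-1])
        self.stack.append(inherited or bool(HIDDEN_STYLE.search(style)))

    def handle_endtag(self, tag):
        if tag not in VOID and self.stack:
            self.stack.pop()

    def handle_data(self, data):
        if self.stack and self.stack[-1] and data.strip():
            self.hidden.append(data.strip())

def audit_html_body(html):
    """Return (hidden_text, looks_like_sql) for each hidden text run."""
    parser = HiddenText()
    parser.feed(html)
    parser.close()
    return [(text, bool(SQL_HINT.search(text))) for text in parser.hidden]

# Constructed sample message body, not the email from the post.
SAMPLE = (
    '<html><body><p>Your parcel is waiting, click below.</p>'
    '<div style="font-size:0px">Once upon a time a traveller wrote '
    "x' OR 1=1 ; -- in the guest book.</div>"
    '<span style="color:#ffffff">The weather was mild that year.</span>'
    '</body></html>')

if __name__ == "__main__":
    for text, sql in audit_html_body(SAMPLE):
        print("SQL-LIKE" if sql else "hidden  ", repr(text))
```

Hidden text that is not SQL-like is still worth a look, since the visible and the hidden parts of a message disagreeing is itself a junk signal.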
Eileen is a social business and social media strategist and consultant at Amastra, a columnist at ZDNet and author of Working The Crowd: Social Media Marketing for Business. Contact Eileen to find out how she can help your business extend its reach.