SQL Injection attempt hidden in email

Clever attempt. 

I found this email in my junk mail box this morning and moved it to the Inbox to see different formatting in the email.  The first example is a screen shot of the email in my Inbox:

royalmail 1

This show below is the same message in my junk email box


Hidden in the ‘story’ text is SQL injection code.  If a website, or webmail system accepts scripts or codes, then the code hidden in this text can potentially execute if the Admin password is blank or ‘Admin’. The script can then take possession of the root of the machine, compromising security of the machine, removing data, accessing databases or turning the server into something that could be remotely compromised.

Fortunately my hosted exchange server, recognised the attack and dumped the email into my junk email folder, displaying the text – which had been hidden in the top message.

If your website has been compromised, you should report it – and be aware how Injection attacks work – to make sure you keep your web site safe

Something to watch out for Smile

Eileen is a social business and social media strategist and consultant at Amastra, a columnist at ZDNet and author of Working The Crowd: Social Media Marketing for Business. Contact Eileen to find out how she can help your business extend its reach.