Home arrow US-CERT Computer Emergency Readiness Team arrow Websites Compromised Through SQL Injection

Websites Compromised Through SQL Injection

US-CERT has seen reports of an attack that has compromised a large number of legitimate websites. The reports indicate that attackers are modifying the sites and embedding a reference to JavaScript code. Users who visit one of these infected websites may unknowingly execute malicious code. This code attempts to exploit known vulnerabilities for which patches are available but may not have been applied to the victim's system.

This issue is currently exploiting a variety of vulnerabilities:

  • Baofeng Storm ActiveX
  • Ourgame GLChat ActiveX
  • Microsoft Internet Explorer VML (VU#122084VU#122084)
  • Qvod Player ActiveX
  • Microsoft RDS.Dataspace ActiveX (VU#234812VU#234812)
  • RealPlayer playlist ActiveX (VU#871673VU#871673)
  • Storm Player ActiveX
  • Microsoft Windows WebViewFolderIcon ActiveX (VU#753044VU#753044)
  • Xunlei Thunder DapPlayer ActiveX
US-CERT encourages users to do the following to help mitigate the risks of this and similar attacks:
  • Regularly apply software updates and patches provided by vendors.
  • Disable JavaScript and ActiveX as described in the Securing Your Web BrowserSecuring Your Web Browser document.
US-CERT will provide more information as it becomes available.