Porn site hack into database

pixuk

Guppy
Really odd thing happened today, and I can't work out how.

One of my database tables was selectively hacked so the 15th+ character of a CMS body field was replaced with a crude javascript hack to a domain - yl18.net. Nasty.

There is no way on earth that this could have got into the database via my code (I trap everything!), so it's almost a back-door direct injection into the SQL database. Anyone else come across this?
 
I'd say it is not a good idea to say impossible via sql injection :)

Anything is possible in code/injections.

But submit a ticket and we can look at some logs and maybe assist. Sometimes the logs are many hundreds of MB and not able to be effectively analyzed, but we do try to help in such cases.
 
I'd say it is not a good idea to say impossible via sql injection

Fair point, so perhaps I should re-phrase that and say in this particular case it seems extremely unlikely (the SQL statements are cleaned prior to insertion, plus they are behind a password-protection), and the way they have appeared - replacing everything from the 15th character onwards - is not consistent with the code that does the insert, so I'm not even sure 'how' they could have done it. ?(
 