Oh dear, oh dear, oh dear…
It's amazing what we find sometimes…
WARNING: I am assuming that my readers are smart enough to *NOT* visit the victim site, or the malicious URLs, without hefty protection in place, yes? In fact, don’t go there at all unless you are willing to reformat your computer, potentially without being able to back up your data (yes, some nasties out there are killing the ability to copy data to USB and whatnot). You have been warned!
I was taking a look at one of the recent SQL injection incidents the other day when I came across an interesting web site that had been affected (millerscitax.com). Here is a screenshot of an obvious problem:-
If we click on a “Read More” link, we see the following:-
So, anyway, being a good netizen ‘n’ all that, I decided to use the “Contact Us” page to warn the site owners that they had a problem (it should be noted that the News page is not hyperlinked as far as I can see – you need to know that it is there, and guess the URL, to find it). When I clicked on the “Submit” button on the “Contact Us” page, this is what I saw:-
<sigh> You would think that that is bad enough, yes? But, it gets even better (err, worse)… when we view the page source on the “Contact Us” page for the taxi site we find the following:
So, the next question is – why does the Millers City Taxis “Contact Us” page have code that references the gillibrand.co.uk web site? A potential explanation may be found in the fact that the Registrant for millerscitax.com is “eBusiness UK Ltd” (Capricorn House, Capricorn Park, Blakewater Road, Blackburn, Lancashire - 44.1254.279.998), and the fact that the “Web design” for gillibrand.co.uk is listed as having been completed by, you guessed it, eBusiness UK Ltd which lists its Lancashire address as Capricorn House, Capricorn Park, Blackburn, Lancashire - 01254.279.998.