[thelist] Website Hacked?

Joel D Canfield joel at bizba6.com
Sat May 24 17:40:50 CDT 2008


> However, as they are injecting <script> tags, might they be sending
> <script> into fields that they have access to? (eg anything in their
> account profile if that's relevant, or perhaps when they send in an
> order, might it be in the quantity required field, or similar?)

I'm not sure what's happening to my own db at Crystal Tech, but two
weeks ago an entire table had a script string dumped into every text
field. They said "we'll just restore it" without much comment on how it
happened (they were, in fact, just slightly evasive, which concerned me)
and now it's happened again. Last time I didn't push for their
explanation re: whether it was them or me; this time, I'll have to. (The
only forms I use for the table in question are in a password-secured
area, not available to anyone but me, so I'm baffled.)

joel


