Malware Signatures

php.hacktool.sqlinjection.001

Many popular web applications such as WordPress, Joomla, vBulletin and osCommerce rely on a database.
Most of the data those applications work with is stored in the database, and quite a few applications store configuration information there as well.
That's why hackers don't forget about it and try to exploit it as much as possible. For example, hackers inject spammy links and scripts directly into posts stored in the database,
or they change configuration records to make the site redirect visitors to third-party sites. To work with MySQL databases hackers use various scripts: from highly targeted
customized scripts that can do only one specific thing to scripts that provide access to broad MySQL functionality, such as Adminer scripts.

There is a special class of database-related attacks that doesn't require direct access to the database: SQL injections. Such attacks work because web applications
improperly sanitize data provided by users. Behind the scenes that data is used in an SQL request. Hackers choose specially crafted values that include strings that
change the logic of the SQL request (e.g. they may include marks that end the original query and begin a completely different query that may make unauthorized modifications in the database).
Hackers have specialized tools to find sites vulnerable to SQL injections (e.g. SQL injection scanners) and to conduct massive attacks against third-party sites. For obvious reasons (anonymity, bandwidth, etc.),
they prefer to run such tools and conduct SQL injection attacks from hacked servers.
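
The mechanism described above, as an added example (not part of the original signature page and not code from the detected script): a PHP lookup that concatenates user input into the SQL text, beside the same lookup written with a prepared statement. The `posts` table, the function names and the sample inputs are constructed, and an in-memory SQLite database accessed through PDO stands in for MySQL so the demo runs offline.

```php
<?php
// Constructed demo data: in-memory SQLite stands in for a web application's MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, status TEXT)");
$db->exec("INSERT INTO posts (title, status) VALUES
    ('Hello world', 'published'),
    ('Unfinished draft', 'draft'),
    ('Internal notes', 'private')");

// Vulnerable form: the user-supplied value is concatenated into the SQL text,
// so quote characters inside it are parsed as SQL syntax, not as data.
function find_published_vulnerable(PDO $db, string $title): array
{
    $sql = "SELECT id, title FROM posts WHERE status = 'published' AND title = '" . $title . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: a prepared statement. The value is bound as a parameter and
// is only ever compared against the title column, whatever characters it contains.
function find_published_safe(PDO $db, string $title): array
{
    $stmt = $db->prepare("SELECT id, title FROM posts WHERE status = 'published' AND title = :title");
    $stmt->execute([':title' => $title]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: an ordinary title and a value whose quotes change the WHERE logic.
$inputs = [
    'benign'  => 'Hello world',
    'crafted' => "x' OR '1'='1",
];

foreach ($inputs as $label => $value) {
    printf(
        "%-8s concatenated=%d rows, prepared=%d rows\n",
        $label,
        count(find_published_vulnerable($db, $value)),
        count(find_published_safe($db, $value))
    );
}
```

With the crafted value the concatenated query also returns the draft and private rows, while the prepared statement returns nothing because no post has that literal title.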

Affecting

Any server with PHP enabled and MySQL installed

Cleanup

Delete the malicious script and scan your server for other types of malware and specifically for backdoors.
You can also sign up with us and let our team remove the malware for you.

Dump

N/A