Quote:
Originally Posted by Dubbya
It appears that you are the victim of a cross site scripting attack. Specifically a "SQL injection attack".
|
Well actually that was my 1st thought and I checked the db for the keywords you're listing besides .js and ken.gif and didn't find one suspicious row.
To be honest I learned SQL Injection the hard way a while ago and user's input is filtered and also we set a specific SQL user unable to read sysobjects and its friends.
What puzzled me was that the script thing that I could see appeared on the top of the html source not mixed in between the data as I haven't seen on SQL Injection before.