SQL injection & Flash Player exploits on Wal-Mart's site

The Masked Marauder
Emeritus Contributor
Posts: 131
Joined: Sat Apr 08, 2006 5:21 pm
Location: Raleigh, NC

Post by The Masked Marauder » Tue Jun 03, 2008 1:44 pm

Walmart Hit By The Most Recent SQL Injections

Walmart.com has been hit by the latest in a series of SQL injections that serves up malware via JavaScript. framedart.walmart.com seems to have been injected with a malicious URL that automatically downloads malware to an unsuspecting visitor's computer. When you search framedart.walmart.com, every description area will have a pointer to hxxP://www.sys****.com/b.js (detected as Exploit.HTML.Iframe.FileDownload), which is a malicious script with an iframe pointing to hxxp://en-****.com/cgi-bin/index.cgi?ad. This points to 2 SWF (Flash) files that take advantage of the latest Flash Player exploit. advert.swf and banner.swf are detected as exploit.flash or exploit.swf and in turn download more malware to the user's machine.

Lavasoft Research Blog
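
A defender-side check for the pattern described above, as an added example that is not part of the original post or the Lavasoft write-up: it scans stored description text for script, iframe, embed or object tags that load from hosts outside an allowlist. The host names, the allowlist and the sample rows are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist: hosts this site legitimately loads active content from.
ALLOWED_HOSTS = {"shop.example", "static.shop.example"}
# Tags that fetch or run remote content, and the attribute holding the URL.
ACTIVE_TAGS = {"script": "src", "iframe": "src", "embed": "src", "object": "data"}

class ActiveTagFinder(HTMLParser):
    """Collects (tag, url) for every active tag seen in a fragment."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = ACTIVE_TAGS.get(tag)  # HTMLParser lowercases tag and attribute names
        if attr is not None:
            self.found.append((tag, (dict(attrs).get(attr) or "").strip()))

def is_suspicious(url, allowed=ALLOWED_HOSTS):
    if not url:
        return True  # inline script or sourceless frame stored in a text field
    parts = urlparse(url)
    if parts.scheme not in ("", "http", "https"):
        return True  # javascript:, data: and similar schemes
    host = (parts.hostname or "").lower()
    return bool(host) and host not in allowed  # relative URLs stay on-site

def scan_rows(rows, allowed=ALLOWED_HOSTS):
    """Return (row_id, tag, url) for each active tag that is not allowlisted."""
    hits = []
    for row_id, text in rows:
        finder = ActiveTagFinder()
        finder.feed(text)
        finder.close()
        hits += [(row_id, tag, url) for tag, url in finder.found
                 if is_suspicious(url, allowed)]
    return hits

# Constructed sample rows (id, description); not data from the incident.
SAMPLE_ROWS = [
    (1, "Framed print, 16x20 in."),
    (2, "Oak frame<script src=http://injected.example/b.js></script>"),
    (3, 'Poster <img src="/img/p.jpg"><script src="//static.shop.example/z.js"></script>'),
    (4, 'Canvas<IFRAME SRC="http://other.example/cgi-bin/index.cgi?ad" width=0></IFRAME>'),
]

if __name__ == "__main__":
    for hit in scan_rows(SAMPLE_ROWS):
        print(hit)
```

Run against an export of the text columns a search page renders; any hit in a field that should hold plain text means the stored data was modified and the input path that wrote it needs review.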