So, my last few days have been spent waiting on the company we hired (by we I mean my boss, I had no say) to host and maintain the online store and ordering system for the company to fix a SQL Injection that occurred over the weekend. Let me first say that SQL Injections are not fun, and if you are a webmaster and haven’t tested your code you best be getting to it.
Now the funny thing is that the company that manages all this knew that they “most likely” had errors in their code, but instead of manually testing it they have decided to spend the last few months looking for an automatic solution and have come up empty-handed. (So if you know of one, let me know.)
Anyways, the SQL injection attack we had added a JavaScript link to the end of some columns in our database tables. From some research, the script would have run and then downloaded a trojan onto the user's computer. Luckily the attack happened twice and the JavaScript code was broken; sadly, so was the site and ordering system.
To make a long story short, the company messed up while trying to remove the injection and erased data that we needed. We did have a backup that should be able to restore most of it, but I am sure we have lost some data.
So the moral of this post is protect your site from SQL Injections and know what you have in your database before trying to run a script that will remove all scripts from the database.
The End!
Learn more about SQL Injections here