Go00ogle.net sql injection

Google has flagged on of my site because a malware script hosted on go00ogle.net.

I read that this a sql injection, can someone please help me.

Hi there, I had the same trouble. One of the tech guys at my work checked to see what javascript functions were running and amongst the legit ones was a suspect looking one called “advQuery” which was coming from a shoutbox php file I had on my site.

So I found the function and what it was doing was to construct the go00ogle.net URL by combining characters. I commented this function out and sure enough the warnings went away however I did notice that ‘something’ was still calling the function and now that the function couldn’t be found, the pages were taking a while to load until the script gave up.

Finding the source of the function call was going to be almost impossible as a search on all site files for “advQuery” yielded nothing.

I now see no errors or stalling so for the moment, all is well. Another approach would be to leave the function active but remove its contents so it did nothing and whatever might be calling it would find it and think that its evil job was done.

What are you running on your site?

  1. Homemade code? Do you know how to program safe web-apps?
  2. Some package? Have you upgraded to the newest version?