Another case of Malaysia's website get injected by SQL injection.
Currently hosting malicious javascript command at http://www.tgv.com.my

The code is only inserted at the movie's synopsis page. I was looking at the synopsis for the movie "Wanted".
Luckily Kaspersky was able to detect it. Does your anti-virus software able to detect it (although not recommended that you try this at home)?

Little bit more info at my blog post at http://www.drsafemode.com/2008/06/25/tgv-m...-sql-injection/

This post has been edited by manutdotcom: Jun 25 2008, 01:18 AM

Wow another malaysia site kenna again.

my Kaspersky didn't show anything or horny-horse-screaming when I visit Wanted synopsis page?

perhaps you're using no-script firefox add-on?

otherwise it should detect as Trojan-Downloader.JS.Agent.cs by Kaspersky v7 and Trojan-Downloader.JS.Agent.ccu by Kaspersky 2009

my Firefox doesn't have any addon except Glasser addon, neither does Internet Explorer... and I have fully updated system and antivirus definitions...

im using nod32 but no didnt alert me

It has been fixed by now.... I believe. However Avira is flagging an FP in that website. KIS and NOD32 on that website is clean.

Link to that page please? I can't find it.

yup, fixed already.

Smooth surfing on that site now..

hey any1 can access now? it says reported attack site..

Just checked, I can access the site with no problem

if u use firefox, google blocks automatically when u type in the address bar

hmm.. even i use ie7, its say internet explorer cannot display the webpage.. still cant use it.. some of my frens cant access either..

I can't visit the TGV website on my laptop either. Firefox reports it as an "attack website". Odd.

No problem for me in Avira av.i use firefox too maybe they hav fixed the problem already.so do u?

Firefox now blocks it.

yap, thats right...



http://safebrowsing.clients.google.com/saf...www.tgv.com.my/

i didn't hav this problem.take a look

you need more carefully...

wat av is that ? looks good