Unknown_html on site? Malicious behavior flagged?

See: https://www.virustotal.com/nl/url/fb0ee9bd3b78e990334e012f9525598924f8d41642d9e6365bb09d557a76ec92/analysis/1393682864/
Sophos detects threat Mal/Badsrc-C. Nothing flagged here: http://urlquery.net/report.php?id=9725910
and here: http://zulu.zscaler.com/submission/show/c77a665c4e862071c5dab6667f0273ab-1393684035

Server insecurity Custom errors-Fail : https://asafaweb.com/Scan?Url=www.muzikparadise.org (wXw.muzikparadise.org,Ghosted)

polonus

Not blocked by Avast!?

Hi Michael (alan1998),

Yep, when the SQL injection is still there (what Sophos actually detects there with Mal~Badsrc-C.aspx) then the site should be blocked.

This infection is most likely caused by SQL injection, a security vulnerability which allows a malicious source to perform operations on a database. This can occur either locally or remotely.

Attackers scan for web pages which may be susceptible to SQL injection, and an HTTP request is sent to the page which will insert malicious script into the related database.

Mal/Badsrc-C is detected when accessing a page which references a field in the database which has had malicious code inserted into it, most likely to redirect a user to a hijacked website.


Quote from Sophos Article ID: 42432 Updated: 28 Feb 2011.

I get flags that the site is vulnerable to XSS attack: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.muzikparadise.org
could be through here: xmlns:addthis=“htxp://www.addthis.com/help/api-spec” → with validation errors.

pol
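A defender-side check for the condition the quoted Sophos text describes, added here as an example and not part of the original posts: it walks every text column of a database and reports stored `<script src=...>` tags that point at hosts outside an allow-list. The table, the allow-list and the `.example` hosts are constructed for illustration, and SQLite stands in for whatever database the site actually uses.

```python
import re
import sqlite3
from urllib.parse import urlparse

# Assumption: hosts this hypothetical site legitimately loads scripts from.
ALLOWED_HOSTS = {"www.site.example", "cdn.widgets.example"}
# Matches quoted and unquoted src attributes inside a script tag.
SCRIPT_SRC = re.compile(r'<script[^>]*\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.I)

def text_columns(conn, table):
    """Names of columns declared as TEXT/CHAR in the given table."""
    rows = conn.execute(f'PRAGMA table_info("{table}")')
    return [r[1] for r in rows if "TEXT" in r[2].upper() or "CHAR" in r[2].upper()]

def scan(conn):
    """Return (table, column, rowid, host) for each off-site script reference."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        for col in text_columns(conn, table):
            # Identifiers come from the schema itself, not from user input.
            query = f'SELECT rowid, "{col}" FROM "{table}"'
            for rowid, value in conn.execute(query):
                if not isinstance(value, str):
                    continue
                for src in SCRIPT_SRC.findall(value):
                    host = urlparse(src).hostname  # None for relative paths
                    if host and host.lower() not in ALLOWED_HOSTS:
                        findings.append((table, col, rowid, host.lower()))
    return findings

def build_sample():
    """Constructed sample data: row 2 carries an appended off-site script tag."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)", [
        ("News", '<p>Hello</p><script src="/js/player.js"></script>'),
        ("Charts<script src=http://badhost.example/b.js></script>", "Top 10 this week"),
        ("About", '<script src="https://cdn.widgets.example/w.js"></script>'),
    ])
    return conn

if __name__ == "__main__":
    for table, col, rowid, host in scan(build_sample()):
        print(f"{table}.{col} rowid={rowid}: script loaded from {host}")
```

Rows flagged this way show which fields need cleaning, but they come back unless the injectable query behind them is changed to use parameters.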