SQL Injection Attacks on IIS Web Servers

Posted: Apr 25, 2008  134 comments  

You may have seen recent reports that have surfaced stating that web sites running on Microsoft’s Internet Information Services (IIS) 6.0 have been compromised. These reports allude to a possible vulnerability in IIS or issues related to Security Advisory 951306 which was released last week.

Microsoft has investigated these reports and determined that the attacks are not related to the recent Microsoft Security Advisory (951306) or any known security issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies.

Instead, attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development. While these particular attacks are targeting sites hosted on IIS web servers, SQL injection vulnerabilities may exist on sites hosted on any platform.  More information on SQL injection attacks can be found here and here.

Guidance from Microsoft for web application development best practices can also be found on this MSDN page. Best-practice guidelines that developers may follow to mitigate SQL injection can be located here. As we continue to make progress in our investigation into this attack, we will provide updated guidance and information on the IIS.net site. For the latest information on this issue, please subscribe or visit the IIS security forum.

For end-users, the investigation also shows no indication of an un-patched vulnerability in IIS, SQL Server, Internet Explorer or any other Microsoft client software, so we recommend customers apply the latest updates to be protected from these attacks.

To further protect against the reported attacks, we encourage all customers to apply our most recent security updates to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit: www.microsoft.com/protect.

Anyone who believes they have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country. Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY. Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov.

Comments

Hi there this is Bill Sisk. There have been conflicting public reports describing a recent rash of web

Apr 26 2008 by The Microsoft Security Response Center (MSRC)

The recent slate of attacks on IIS servers don't seem to be an attack directly against IIS or against

Apr 26 2008 by K. Brian Kelley - Databases, Infrastructure, and Security

There have been conflicting reports about SQL Server injection attacks and a possible new IIS vulnerability

Apr 26 2008 by Guy Barrette

Ahhh BS, what's all this hoopla about?! Just tell it like it is: A LOT of developers are just plain lazy and don't care enough to use parameterized queries; end of story.

Apr 27 2008 by Peter

The "secure" blogosphere (a playful name I use for the set of blogs/e-magazines in

Apr 28 2008 by Security Blog di Feliciano Intini

A new major security attack occurred over the weekend, where over one half million web pages became infected

Apr 28 2008 by Harry Waldron - My IT Forums Blog

A new major security attack occurred over the weekend, where over one half million web pages became infected

Apr 28 2008 by Harry Waldron - Microsoft MVP Blog

Does denying access to the webserver still allow a SQL attack?

Apr 28 2008 by Paintworkzstudio

thank you

Apr 28 2008 by kazım

Even if Microsoft is not at fault for the SQL injection attacks, the malware specifically targets Windows clients.

Since the SQL injection attack is specific to T-SQL, wouldn't it be responsible to give developers and DBAs some hints to at least detect infections?  Other than using Google to find all 500,000 infected web pages?

Apr 29 2008 by John.B

If this is not due to an IIS vulnerability, why does it only affect IIS servers?

Apr 29 2008 by max stirner

Hi Max -

The exploit code is specific to SQL Server, which is normally found behind an ASP/ASP.NET application that has not followed best practices. The exploit code doesn't work against MySQL or other databases, which is why it appears to be an IIS/ASP/ASP.NET/SQL bug, but it is not. The same exploit could have been done with code specific to MySQL or any other database.

Apr 29 2008 by bills

John.B - MS do provide info for developers and DBAs either via MSDN:

msdn2.microsoft.com/.../ms161953.aspx

also via multiple blog entries, for example:

http://blogs.msdn.com/raulga/

problem is most Devs and DBAs are just not interested in doing the work...

Apr 29 2008 by SR - UK

I wrote some T-SQL to scan your entire server for "<script" in all databases.

================
-- Scans every text, ntext, varchar and nvarchar column of every user table
-- in every database on the server for the string "<script".
exec sp_msforeachdb '
Print(''Scanning Database [?]'')
DECLARE @T varchar(255), @C varchar(255)
DECLARE Table_Cursor CURSOR FOR
    select a.name,b.name from [?].dbo.sysobjects a,[?].dbo.syscolumns b
    -- user tables only; xtype 99=ntext, 35=text, 231=nvarchar, 167=varchar
    where a.id=b.id and a.xtype=''U'' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
    order by a.name, b.name
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
    -- skip temporary tables
    If Left(@T,1)<>''#''
    Begin
        Print('' Scanning Table [''+@T+''], Column: [''+@C+'']'')
        Exec(''if exists(select [''+@C+'']  from [?].dbo.[''+@T+''] where [''+@C+''] like ''''%<script%'''') print ''''>>> FOUND in [''+@T+''].[''+@C+'']'''''')
    End
    FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
'
================

Just search the printout for ">>> FOUND" to see in what table the malicious code was found.

Be warned: this might take a LONG time!

Apr 29 2008 by RobIII

Don't know if you saw this, but it's certainly scary. There are several articles out about a massive

Apr 29 2008 by Out Of The Box

For those not familiar with SQL injection, it's in its simplest form a method of injecting a SQL statement into a database server by way of hiding it in a web parameter. There's a more detailed ...

Apr 29 2008 by shawnbass.com - Security blog

Recently, more and more reports have appeared on the web claiming that there may be a serious flaw in the Windows

Apr 30 2008 by Balássy György (MSDNKK)

News Microsoft Internet Security and Acceleration Server Forefront Threat Management Gateway, the Next

May 01 2008 by Technical RollUp

A few of our legacy ASP applications were affected by this outbreak. It was an accident waiting to happen though. The blame is on the poorly written code, not in SQL or IIS. Since it is too expensive (and difficult) to fix all code, you have to live with it. I found an interesting and free (GNU with source code) application for IIS that proved very efficient. I am still being attacked, but the filter has blocked the effects of such attacks.

Installation and code can be found here:

www.codeplex.com/IIS6SQLInjection

The only bad thing is that it is not compatible with Windows 64 bits. I had to move all ASP applications to a lesser server :(

May 08 2008 by Joseph

Once you recover your web server from the attack you are not done. You may find that the search engines now have cached pages for your site that include the malicious code. Yahoo takes a simple e-mail. Google takes an online form. I have been fighting for 2 weeks to get Microsoft to remove cached pages that are now 6 weeks old from their Live Search.

May 15 2008 by Yvonne

Who should be responsible for fixing a website that has recently been affected by an SQL injection attack? Should it be the people responsible for developing the website or the company that purchased it? We had a website developed a year ago and it's currently being hosted by the developer. It has recently been attacked and now they want to charge us to fix it, but if this is due to their poor code shouldn't they be responsible for fixing it?

May 20 2008 by Samuel Davis

The above component does not work and fails if SQL is defined in the form action:

<form method="post" action="show.asp?PageID=123;Declare @a;Set @=123;Exec(@);">

</form>

May 20 2008 by Anonymous
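
An added example, not part of the original post or its comments: a Python check over IIS W3C logs that flags query strings carrying stacked T-SQL statements like the one in the comment above, including when the request method is POST. The log lines, field layout and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample in IIS W3C extended log format (not taken from a real server).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-05-20 10:00:01 GET /show.asp PageID=123 192.0.2.10 200
2008-05-20 10:00:02 POST /show.asp PageID=123;Declare+@a;Set+@=123;Exec(@); 192.0.2.77 200
2008-05-20 10:00:03 GET /show.asp PageID=123%3BDECLARE%20@a%3BEXEC(@a) 192.0.2.77 500
2008-05-20 10:00:04 GET /search.asp q=declare+independence 192.0.2.11 200
2008-05-20 10:00:05 GET /default.asp - 192.0.2.12 200
"""

# A statement separator followed by one of the T-SQL keywords seen in the comment.
STACKED_SQL = re.compile(r";\s*(declare|set|exec)\b", re.IGNORECASE)


def decode_query(raw):
    """Undo URL encoding (repeatedly, to catch double encoding) before matching."""
    if raw == "-":          # IIS writes "-" for an empty field
        return ""
    text = raw
    for _ in range(3):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_stacked_sql(log_text):
    """Return (method, stem, decoded query, client IP) for every suspicious request."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]       # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        # The query string is checked for every method, POST included.
        query = decode_query(row.get("cs-uri-query", "-"))
        if STACKED_SQL.search(query):
            hits.append((row["cs-method"], row["cs-uri-stem"], query, row["c-ip"]))
    return hits


if __name__ == "__main__":
    for method, stem, query, ip in find_stacked_sql(SAMPLE_LOG):
        print(f"{ip} {method} {stem}?{query}")
```

The benign search for "declare independence" is not flagged because the pattern requires a statement separator before the keyword; a hit is a lead for review, not proof that the page is injectable.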

It is important to learn how to implement best security practices and protect your database. There's a great tutorial test on www.microsoft.com/hellosecureworld7 where you can see an SQL Injection attack in action and learn ways to stop it. Look for the SQL Injection Lab.

May 22 2008 by Fred

News Microsoft Internet Security and Acceleration Server Forefront Threat Management Gateway, the Next

May 24 2008 by Heavy on the Technical

There's a lot of noise around currently ongoing SQL injection attacks and even if that is quite an "old"

May 28 2008 by Microsoft Switzerland Security Blog

Well, there was quite some chatter over the last few weeks with regards to the massive defacements we

May 30 2008 by Roger's Security Blog

Recently a large number of sites have been infected by a SQL injection attack that uses SQL

Jun 02 2008 by Robert Folkesson

Dedicated to my students who complain about the high demands on code quality when submitting lab

Jun 16 2008 by Владимир Лещинский

The IIS team has some street smarts when it comes to security. We learned quite a few lessons the hard

Jun 24 2008 by Wade Hilmo

About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated

Aug 21 2008 by Nazim's IIS Security Blog
