A clients server was recently compromised because of a bug in an old software package that allowed writing to the filesystem. During the normal execution of the app, the code inserted itself into other files until nearly all .php files were infected. The outcome was that each page ended up injecting a piece of javascript by parsing the completed output and injecting itself before the close
↧