A tool used by the attackers to identify and attack vulnerable web servers was found. The tool provides a simple interface for performing SQL injection attacks against sites identified via a Google query. This morning, I was investigating another attack that is most likely related. The target of the malicious script tag has changed, but the underlying malicious SQL is very similar. Feeding the 1.js file into our automation system, we see a whole mass of pages that will get loaded as a result of browsing a compromised page. This is represented in the flowchart below.
Source: https://nakedsecurity.sophos.com/2008/04/22/malicious-sql-injection/