  1. #1
    abalfazl

    SQL injection, 300.000 sites infected

    http://forums.online-sweepstakes.com....php?p=8966972
    The New SQL Injection Attack
    December 11th, 2009
    A new, extremely sophisticated SQL injection attack that may have already infected up to 300,000 Web pages has been detected. Perpetrators are using SQL injection to push a malicious iframe that is named script src=hxxp://318x.com into Web servers. (An iframe is an HTML structure that enables another HTML document to be put into an HTML page.)
    What does it mean? Does it mean many web servers were vulnerable to SQL injection at the same time? How? Or is it a worm using SQL injection?

    Like a worm that uses XSS in MySpace?
    I shall build a boat, I shall cast it in the water,
    I shall sail away from this strange earth,
    Where no one awaken the heroes in the wood of love
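
As an added example (not part of the original thread or the quoted article): an injection of the kind the quoted article describes leaves script or iframe tags in stored text, so one defensive check is to scan a database's text columns for `src` hosts outside an allowlist. SQLite, the `articles` table and the example hosts are assumptions constructed for illustration.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

class SrcHosts(HTMLParser):
    """Collect hosts named in src= on <script> and <iframe> tags."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            host = urlparse(dict(attrs).get("src") or "").hostname
            if host:
                self.hosts.append(host.lower())

def scan_text_columns(conn, allowed_hosts):
    """Return (table, column, rowid, host) for each off-allowlist src."""
    findings = []
    # Identifiers come from the schema catalogue, not from user input.
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                if "CHAR" in r[2].upper() or "TEXT" in r[2].upper()]
        for col in cols:
            rows = conn.execute(
                f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" LIKE ?',
                ("%src%",)).fetchall()
            for rowid, value in rows:
                parser = SrcHosts()
                parser.feed(str(value))
                findings += [(table, col, rowid, h) for h in parser.hosts
                             if h not in allowed_hosts]
    return findings

def build_sample_db():
    """Constructed data: SQLite stands in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER, title VARCHAR(100), body TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        (1, "Welcome", '<p>Hi</p><script src="https://cdn.example.org/app.js"></script>'),
        (2, "News<script src=http://injected.example/x.js></script>", "<p>Text</p>"),
    ])
    return conn

if __name__ == "__main__":
    for finding in scan_text_columns(build_sample_db(), {"cdn.example.org"}):
        print(finding)
```

A hit in a column that should never hold markup, such as a title, is the signal to look for; the allowlist keeps the site's own script hosts from being reported.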

  2. #2
    Dan Grossman
    Generally someone finds a bug in a popular CMS (Drupal or Joomla or WordPress, etc.) then simply uses a search engine to find people running the version of that CMS with the bug (example), and can attack all their sites at once. Automating the search and the exploit is simple once a bug is found; finding exploitable bugs is the hard part.

  3. #3
    abalfazl
    In that particular case, do you know which CMS was the target?

  4. #4
    Dan Grossman
    They're almost all .aspx sites, so it's probably something common to either IIS or Microsoft SQL Server.

  5. #5
    abalfazl
    so it's probably something common to either IIS or Microsoft SQL Server.
    With all due respect, SQL injection is a technique that is used against a database. How does it relate to IIS?

  6. #6
    SitePoint Member
    I hate SQL injection grrrr

  7. #7
    SitePoint Member
    Recently a DDoS attack on DNS hit Amazon and others.
    It seems that it is hard to stop cybercriminals.

  8. #8
    jamesww
    I would like to know what I can do to prevent these SQL injections for WordPress.