Massive automated SQL injection attack
May 2, 2008 – 4:37 pm
It appears that a massive, automated SQL injection attack is wreaking havoc across thousands of sites (600000+ pages and counting).
The attack apparently leverages Google to find candidate pages that may be vulnerable. The automated process then probes each candidate page for potential SQL injection vulnerabilities. If it likes what it sees (i.e., error messages returned directly from the SQL server), it immediately launches an all-out attack, injecting SQL to find every text field in the database and append malicious JavaScript to the value in every row.
That leaves every site running SQL extremely vulnerable. One of the best ways to protect against this type of attack is through frequent backups. Believe it or not, the backup helps.