The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Massive SQL injection attack making the rounds—694K URLs so far


Administrator / Manager

Status: Offline
Posts: 2499
Date:
Massive SQL injection attack making the rounds—694K URLs so far
Permalink   


Hundreds of thousands of URLs have been compromised—at the time of writing, 694,000—in an enormous and indiscriminate SQL injection attack. The attack has modified text stored in databases, with the result that pages served up by the attacked systems include within each page one or more references to a particular JavaScript file.

The attack appears to be indiscriminate in its targets, with compromised machines running ASP, ASP.NET, ColdFusion, JSP, and PHP, and no doubt others. SQL injection attacks, which exploit badly-written Web applications to directly perform actions against databases, are largely independent of the technology used to develop the applications themselves: the programming errors that allow SQL injection can be made in virtually any language. The underlying cause is a programmer trusting input that comes from a Web page—either a value from a form, or a parameter in a URL—and passing this input directly into the database. If the input is malformed in a particular way, the result is that the database will run code of the attacker's choosing.

 In this case, the injected SQL is simply updating text fields within the database, to make them include an extra fragment of HTML. This HTML in turn loads a JavaScript from a remote server, typically "http://lizamoon.com/ur.php" or more recently, "http://alisa-carter.com/ur.php." Both domain names resolve to the same IP address, and presently that server is not functional, leaving browsers unable to load the malicious script when they visit infected pages. Previously, it contained a simple script to redirect users to a fake anti-virus site.

ARS Technica has the details HERE!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net


Manager

Status: Offline
Posts: 1130
Date:
Permalink   

How to Defeat Lizamoon in One Easy Step



__________________

Where's the money, Lebowski?toilet gif



Administrator / Manager

Status: Offline
Posts: 2499
Date:
Permalink   

Thanks Alan... I enjoyed that video too!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard