SQL injection, 300.000 sites infected

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

abalfazl
Forum Commoner
Posts: 71
Joined: Mon Sep 05, 2005 10:05 pm


Post by abalfazl »

http://forums.online-sweepstakes.com/sh ... ?p=8966972
The New SQL Injection Attack
December 11th, 2009
A new, extremely sophisticated SQL injection attack that may have already infected up to 300,000 Web pages has been detected. Perpetrators are using SQL injection to push a malicious iframe that is named script src=hxxp://318x.com into Web servers. (An iframe is an HTML structure that enables another HTML document to be put into an HTML page.)

What does it mean? Does it mean many web servers were vulnerable to SQL injection at the same time? How? Or is it a worm using SQL injection?

Is it about a security hole in MS SQL server? Does anyone know more technical details?
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: SQL injection, 300.000 sites infected

Post by kaisellgren »

There are so many websites that are vulnerable to SQLi. It was a regular SQL injection attack, but the one who did this used those methods in SQL that require the FILE permission (SELECT ... INTO FILE, LOAD DATA INFILE, LOAD_FILE()), which is turned on by most hosts by default, and was able to inject HTML into files.
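An added example, not part of any post in this thread: a defender-side audit for the FILE privilege the reply above refers to, assuming a MySQL server. The account names and `SHOW GRANTS` lines are constructed sample data, and the helper names are hypothetical.

```python
import re

# Constructed sample: SHOW GRANTS output for hypothetical accounts.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO 'shop_app'@'localhost'",
    "GRANT SELECT, INSERT, UPDATE ON `shop`.* TO 'shop_app'@'localhost'",
    "GRANT SELECT, FILE ON *.* TO 'legacy_cms'@'%'",
    "GRANT ALL PRIVILEGES ON `blog`.* TO 'blog'@'localhost'",
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
]

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"(?P<account>'[^']*'@'[^']*')",
    re.IGNORECASE,
)

def accounts_with_file(grant_lines):
    """Return accounts whose grants include FILE (a global-only privilege)."""
    flagged = set()
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or m.group("scope") != "*.*":
            continue  # FILE can only be granted ON *.*
        privs = re.sub(r"\([^)]*\)", "", m.group("privs"))  # drop column lists
        names = {p.strip().upper() for p in privs.split(",")}
        if names & {"FILE", "ALL", "ALL PRIVILEGES"}:  # global ALL implies FILE
            flagged.add(m.group("account"))
    return sorted(flagged)

def file_io_scope(secure_file_priv):
    """Classify the secure_file_priv server variable."""
    if secure_file_priv is None:
        return "disabled"       # NULL: import/export operations refused
    if secure_file_priv == "":
        return "unrestricted"   # empty: any path the server process can reach
    return "restricted"         # directory: file reads/writes confined to it

def revoke_statements(accounts):
    """Build candidate REVOKE statements for an administrator to review."""
    return ["REVOKE FILE ON *.* FROM %s;" % a for a in accounts]

if __name__ == "__main__":
    risky = accounts_with_file(SAMPLE_GRANTS)
    print(risky, file_io_scope(""))
    print("\n".join(revoke_statements(risky)))
```

A web application's database account rarely needs FILE; an empty `secure_file_priv` together with a FILE-holding application account is the combination to look for.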