Sunday, June 08, 2008


A search reveals at least 43,000 hits on this particular SQL injection. That's still alarmingly close to what the numbers were the first time this was reported. It seems the affected companies and industries related to wine, oil, movies, and so on haven't done enough to clean up their backend databases -- or perhaps don't know how?

Over in Seattle, a couple of pages discussing how to prevent and harden against SQL injection attacks have been put up.

Domain and website splits are:
.com - 17,401
.org - 22,901
.net - 699
.cn - 189
.us - 6
.hk - 6
.info - 4
.uk - 2
.sg - 2
.jp - 2
.nz - 1
.gov - 3
.in - 4

Some webhosters have been discussing the attack as it progressed on their systems. A discussion of what the SQL requests are is here. In the same month, other malicious hosts were being identified. The attacks aren't only on regular pages but on server-side .ASP pages as well.

