____/ Doug Mentohl on Thursday 17 April 2008 21:02 : \____
> "It seemed that the exploitation of SQL Injection vulnerabilities was
> involved in the automated attacks..."
>
> "The exploit included an SQL statement that tried to inject a script
> tag into every HTML page on the website"
>
> http://www.theregister.co.uk/2008/04/16/mystery_web_compromise_unpicked/
> -------
>
> solution: Don't write web applets that allow the client to inject SQL
> commands into the returned string - DOH
> -------
>
> "With the benefit of the hacker tool used to pull off the attack this
> all becomes much clearer, much like it was easier for scientists to
> unravel a cure for the mystery pandemic that blighted mankind in the
> Twelve Monkies after they obtained a sample of the pure source"
>
> No, the above is a description of an SQL injection exploit, the latter
> is a ludicrous plot from a movie ..
The Microsoft (UK) Web site fell victim to this last year. A hacker from Saudi
Arabia had it defaced.
--
~~ Best of wishes
Roy S. Schestowitz | Useless fact: Every polar bear is left-handed
http://Schestowitz.com | Open Prospects | PGP-Key: 0x74572E8E
Tasks: 101 total, 1 running, 100 sleeping, 0 stopped, 0 zombie
http://iuron.com - knowledge engine, not a search engine
|
|