Sunday, June 1st, 2008
XSS (Cross-Site Scripting) Very Much Alive and Kicking
We were about to investigate further on malicious activities related to banner82(dot)com/b.js but the URL was already inaccessible around Tuesday. Soon enough the malicious script in www(dot)adw95(dot)com caught our interest. A rough survey of the sites compromised by this script reveal that the ...
Posted in Coding, Internet, Security | No Comments
Friday, May 30th, 2008
We’ve been folowing the development of sqlninja since the early days, it’s growing into a well matured and more polished tool with advanced features.
Sqlninja is a tool written in PERL to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal ...
Posted in Coding, Internet, Privacy, Security | 1 Comment
Wednesday, May 28th, 2008
Mass SQL injection attack, take four: Yet another wave of SQL injection attacks is exploiting an Adobe Flash vulnerability that appears to be coming from the same series of attacks originating from China.
The intent, as in previous attacks, has been to steal online gamers’ password credentials. But given the persistence ...
Posted in Internet, Security | No Comments
Wednesday, May 14th, 2008
A little-known botnet has put a different spin on the recent wave of SQL injection attacks on thousands of Websites: It’s outfitting its bots with its own tool to launch SQL injection attacks on vulnerable sites.
The Asprox botnet, a relatively small botnet known mainly for sending phishing emails, has been ...
Posted in Coding, Internet, Privacy, Security | No Comments
Tuesday, May 13th, 2008
The mass SQL injection attacks we've mentioned here and here are increasing in numbers and we're seeing more domains being injected and used to host the attack files and we believe that there are now more than one group using a set of different automated tools to inject the code.
Previously ...
Posted in Internet, Security | No Comments