Top Six Database Attacks

Thursday, May 8th, 2008

It takes the average attacker less than 10 seconds to hack in and out of a database -- hardly enough time for the database administrator even notice the intruder. So it’s no surprise that many database attacks go unnoticed by organizations until long after the data has been compromised. And surprisingly, ...

SQL Injection Worm on the Loose

Wednesday, May 7th, 2008

A loyal ISC reader, Rob, wrote in to point us at what looks to be a SQL Injection worm that is on the loose.  From a quick google search it shows that there are about 4,000 websites infected and that this worm started at least mid-April if not earlier.  Right ...

Microsoft offers assistance to combat mass SQL injection

Monday, April 28th, 2008

Microsoft has provided security advice to web developers using its products after many such sites were compromised. Last week, hundreds of thousands of web pages were infected with a malicious iframe which tries to infect visitors with a trojan. Many high profile sites including the United Nations (un.org), the UK ...

Lateral SQL Injection

Saturday, April 26th, 2008

How can an attacker exploit a PL/SQL procedure that doesn’t even take user input? Or how does one do SQL injection using DATE or even NUMBER data types? In the past this has not been possible but as this paper will demonstrate, with a little bit of trickery, you can ...

Mass SQL injection

Thursday, April 24th, 2008

There's another round of mass SQL injections going on which has infected hundreds of thousands of websites. Performing a Google search results in over 510,000 modified pages.