Comments on: Mass Attack FAQ

By: Alliance Technology Partners – Veeam, Acunetix, HP » What is SQL Injection? Learn about Acunetix Web Vulnerability Scanner.

Tue, 04 May 2010 13:31:05 +0000

[…] Giorgio Maone (April 26, 2008). “Mass Attack FAQ”. […]

By: SQL injection and Amazing Hacking Issue | Master4Life

SQL injection and Amazing Hacking Issue | Master4Life — Thu, 11 Mar 2010 03:00:15 +0000

[…] injection http://hackademix.net/2008/04/26/mass-attack-faq/ http://blogs.iis.net/bills/archi … […]

By: BrianLang.ca » Blog Archive » links for 2009-08-14

BrianLang.ca » Blog Archive » links for 2009-08-14 — Fri, 14 Aug 2009 07:02:55 +0000

[…] hackademix.net » Mass Attack FAQ (tags: sql injection) […]

By: WOOOPS Microsoft « 1984

WOOOPS Microsoft « 1984 — Tue, 23 Dec 2008 05:17:06 +0000

[…] automated attack takes advantage to the fact that Microsoft’s IIS servers allow generic commands that don’t require specific table-level arguments. However, the vulnerability is the result of […]

By: hackademix.net » More Bad News for IE Users

hackademix.net » More Bad News for IE Users — Fri, 12 Dec 2008 17:08:26 +0000

[…] Latest updates from Microsoft: the critical remote execution bug which we already talked about affects all IE versions (included IE8 beta) on every supported Windows operating system. The bulletin also corrects some early assumptions about this unpatched vulnerability, which is being actively exploited in the wild from apparently legitimate sites infected through automated SQL injections: […]

By: hackademix.net » Escape From IE, Now!

hackademix.net » Escape From IE, Now! — Thu, 11 Dec 2008 11:32:09 +0000

[…] exploits for the latter vulnerability are being massively infiltrated inside legit web sites using automated SQL injection attacks. Give yourself a Christmas gift: if there’s a best moment for switching to a safe or to a […]

By: terrina

terrina — Mon, 24 Nov 2008 07:07:31 +0000

Someone may have done this before (we cannot know, anyway), but this time we’ve got the smoking gun of an automated tool built around it and probably sold in the underground, hence the impressive arding the SQL statements accepted verbatim as a query parameters by design, I’ve seen them too with horror. As you probably know, they even caused high profile data leaks recently.
Every time a project have impossible deadlines to be met with ridiculous budgets (i.e. almost always), some underpaid monkey coder “invents” some shortcut like that and — who knows? — they may even praise it as smart “code reuse”.
See the XSS equivalent, with CNN and CeBIT “vulnerable by design”.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
terrina
Social Bookmarking

By: Zero in a bit » Distributing Malware Through Trusted Websites

Zero in a bit » Distributing Malware Through Trusted Websites — Mon, 15 Sep 2008 20:14:06 +0000

[…] infect trusted sites like BusinessWeek? This is becoming something of a trend, as evidenced by the mass SQL Injection attacks from a few months […]

By: hackademix.net » Heart Touching Thingies

hackademix.net » Heart Touching Thingies — Sat, 09 Aug 2008 09:21:54 +0000

[…] page. Our webpage had a link on it to sdo.1000mg.cn. I started looking and found that we had the SQL injection attack currently featured at […]

By: Microsoft issues advice on SQL injection attacks « in.spite

Microsoft issues advice on SQL injection attacks « in.spite — Wed, 30 Jul 2008 13:34:17 +0000

[…] Mass attack FAQ from hackademix.net (VERY handy if you do not have a clean backed up version of your database) and U.N.Patched (the story of how the UN got their site attacked) […]