Inject mah data with special sauce

August 8, 2008

So a primary attack vector these days is seeding legitimate websites with links to malicious websites that exploit browsers and drop malware on users. The technique behind the seeding is called SQL injection, a takeoff on the age-old technique of exploiting systems that do not sanitize and validate user input. Sound familiar? It basically inserts SQL code into the input of websites with database back ends and makes modifications to the website content. Think modification of every single page on the site to host an invisible, obfuscated JavaScript with an iframe in it.

In a YA ("for fun and profit") paper, the guys at Gotham Digital Science present a good rollup of these issues and what you can do with them. NGSSoftware also has great stuff and tools for these problems.
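A defender's view of the injection described above, as an added example that is not from the original post or the papers it mentions: the lookup binds user input as a parameter so it is never parsed as SQL, and a scan of stored page content flags iframes or scripts that load from hosts the site does not normally embed. The `pages` table, the sample rows, the host names and the function names are all constructed for illustration.

```python
import re
import sqlite3

# Constructed sample rows: one clean page and two with appended markup of
# the kind the post describes (hidden iframe, external script).
SAMPLE_PAGES = [
    ("home", "<p>Welcome to the shop.</p>"),
    ("about", '<p>About us.</p><iframe src="http://bad.example/x" width=0 height=0></iframe>'),
    ("news", '<p>News.</p><script src="http://bad.example/a.js"></script>'),
]
ALLOWED_HOSTS = {"www.shop.example"}  # assumption: hosts the site legitimately embeds

# Capture the tag name and the host of any iframe/script loaded over http(s).
TAG_RE = re.compile(
    r"<(iframe|script)\b[^>]*\bsrc\s*=\s*[\"']?https?://([^/\"'\s>]+)", re.I)

def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (slug TEXT PRIMARY KEY, body TEXT)")
    conn.executemany("INSERT INTO pages VALUES (?, ?)", SAMPLE_PAGES)
    return conn

def get_page(conn, slug):
    # Bound parameter: the driver passes slug as data, never as SQL text.
    row = conn.execute("SELECT body FROM pages WHERE slug = ?", (slug,)).fetchone()
    return row[0] if row else None

def find_foreign_embeds(conn):
    """Return (slug, tag, host) for each iframe/script loading from an unlisted host."""
    hits = []
    for slug, body in conn.execute("SELECT slug, body FROM pages ORDER BY slug"):
        for tag, host in TAG_RE.findall(body):
            if host.lower() not in ALLOWED_HOSTS:
                hits.append((slug, tag.lower(), host.lower()))
    return hits

if __name__ == "__main__":
    conn = build_db()
    # Quote characters in the input are matched literally, so no row is found.
    print(get_page(conn, "home' OR '1'='1"))
    for hit in find_foreign_embeds(conn):
        print(hit)
```

The scan only matches literal `src` attributes; a script that builds the iframe at runtime needs content review or comparison against a known-good copy of the database.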

