January 10, 2008

Automated SQL Injection

If you're in a jam and need to know what this is fast: a SQL injection is defined as a form of attack on a database-driven Web site in which the attacker executes unauthorized SQL commands by taking advantage of insecure code on a system connected to the Internet.

Basically, a SQL injection allows an attacker to bypass security measures such as logons and admin panels, and/or retrieve sensitive customer data from your web-attached database. An example of code open to SQL injection would be:
statement := "SELECT * FROM users WHERE name = '" + userName + "';"
Because the user-supplied name is pasted straight into the query text, an attacker can alter the query itself and pull up stats on any username they specify.
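To make the point above concrete, here is an added example (not code from the original post) that runs the post's concatenated query pattern beside a parameterized version against a constructed in-memory SQLite table of sample users; it shows both how the concatenation lets input change the query and how it breaks on a legitimate name containing an apostrophe:

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("o'brien", "obrien@example.com"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def lookup_vulnerable(conn, user_name):
    # The post's pattern: the name is concatenated into the SQL text, so the
    # input can change the query's structure, not just the value compared.
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def lookup_parameterized(conn, user_name):
    # Hardened form: a bound parameter is always treated as a value,
    # whatever characters it contains.
    query = "SELECT * FROM users WHERE name = ?"
    return conn.execute(query, (user_name,)).fetchall()


def row_counts():
    # Compare how many rows each variant returns for a normal name and for
    # the textbook tautology input that turns the WHERE clause into "always true".
    conn = make_db()
    injected = "' OR '1'='1"
    return {
        "normal_vulnerable": len(lookup_vulnerable(conn, "alice")),
        "injected_vulnerable": len(lookup_vulnerable(conn, injected)),
        "normal_parameterized": len(lookup_parameterized(conn, "alice")),
        "injected_parameterized": len(lookup_parameterized(conn, injected)),
    }


def apostrophe_check():
    # A legitimate name with a quote breaks the concatenated query (syntax
    # error) but is matched correctly through the bound parameter.
    conn = make_db()
    try:
        lookup_vulnerable(conn, "o'brien")
        vulnerable_ok = True
    except sqlite3.OperationalError:
        vulnerable_ok = False
    return vulnerable_ok, len(lookup_parameterized(conn, "o'brien"))
```

The injected input returns every row from the concatenated query and no rows from the parameterized one, which is the difference between a string being part of the query and a string being data.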
What this most recent attack (covered below) does is automatically run a series of common SQL exploits to gain access to your server and run malicious code, giving the attackers access to any of your customers' computers. More to come later.

Tens of thousands of Web sites have been compromised by an automated SQL injection attack, and although some have been cleaned, others continue to serve visitors a malicious script that tries to hijack their PCs using multiple exploits, security experts said this weekend.

View Story
