Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

News

Web Server Security

Phishing

Database Security

Application Server Security

Library

Vulnerability Archive

Secure Development

Web Services

Pen Test

AJAX

Application Firewalls

Main -> Internet Security News

TOPIC'S

Advertising

Old News

About

Resume

Contact

FAQ

Irc

Links

Books

Demos

Papers

Downloads

Advisories

Contributions

Security Services

Submit News

Syndicated News

Hosting generously provided by

www.mv.com

Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers

Posted 4/28/08 by Robert from the 'parameterized queries 4 lyfe' department

"There�s been a lot of noise and violent thrashing over the last couple days regarding a flaw that was originally believed to be a flaw in Microsoft�s IIS (Internet Information Server), but has since been pointed out as simply a well thought out SQL Injection attack.

For those of you who aren�t familiar with SQL Injection attacks, it�s a pretty well known web application attack vector that exists in high volume on dynamic applications, say for instance, on your banking site. SQL Injection allows an attacker to subvert the logic of the currently running SQL query in order to interact with data more interesting to the attacker, bypass authentication/authorization, or run arbitrary commands on the operating system of the database server. "

Article Link: http://blogs.zdnet.com/security/?p=1059
Link to this Story: Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers
Link: Have a Site Suggestion, Material Request, or News? Submit it!
News RSS Feed: Web Security news RSS Feed

Discuss this article Find Related Stories