
Apple website hit with SQL Injection

"A hack attack that can expose users to malware exploits has infected more than 1 million webpages, at least two of which belong to Apple.

The SQL injection attacks bombard the websites of legitimate companies with database commands that attempt to add hidden links that lead to malware exploits. While most of the sites that fell prey appear to belong to mom-and-pop operations, two of the infections hit pages Apple uses to promote iTunes podcasts, this Google search shows. The malicious links appear to have been removed since Google last indexed the pages in early August." - TheRegister

Full Article: http://www.theregister.co.uk/2010/08/17/apple_sql_attack/



Does anyone have a clear idea of how they could do it? If Apple has some malicious links, I could be infected too...

I wonder how there can still be SQL injections when there are escape functions which can make an SQL query perfectly safe. Are there new techniques being used? Or was it a website flaw not to use any escaping? Or was it that the websites didn't escape data which used to be safe, but can now be compromised?

To answer my previous post (I just read it in the whole article on theregister.co.uk :blush:): the SQL attack is not a new technique and was successful due to bad input filtering.