
Serious SQL Injection Vulnerability

Posted in: Security by Richard Hearne on April 28, 2008
Internet Marketing Ireland

This is worth coming out of hibernation for. A nasty exploit affecting .ASP/.ASPX sites has been found that allows SQL injection. More from F-Secure.

But the real issue is that this is already affecting Irish sites:

MS SQL Injection
Google.ie Pages From Ireland [nihaorr1]

2050 Infected Pages From Ireland

If you are running MS SQL on IIS servers, be aware that this seems to be spreading quickly.


7 Comments »

  1. [...] Via Richard Hearne. A lot of sites are being hacked with the SQL injection exploit. List of Irish ones. [...]

    Pingback by Damien Mulley » Blog Archive » Fluffy Links - Tuesday April 29th 2008 — April 29, 2008 @ 4:47 am

  2. Ouch! That is nasty but it looks like many of the sites have patched the hole, at least the ones I check on the front page of that Google search have.

    Comment by Donncha O Caoimh — May 5, 2008 @ 2:22 pm

  3. The number is down to just over 2,000 pages indexed with that search query. I know it’s not a 100% reliable measure. But after just over a week it does seem to be that more and more companies are patching their servers.

    = Paul

    Comment by paul — May 6, 2008 @ 10:56 am

  4. The most interesting piece to this puzzle is that SQL injections can only really be defended against in the site code. I wonder what some of the developers behind the Irish sites hit told their clients?

    Rgds to both
    Richard

    Comment by Richard Hearne — May 6, 2008 @ 12:47 pm

  5. I’m suspecting that most developers didn’t admit that it was a problem with their code and probably charged them to update their website to protect it :)
    = p

    Comment by paul — May 6, 2008 @ 1:11 pm

  6. btw just got a 500 server error when submitting that last comment, but it went through. I know you had problems before with your WordPress setup. I’m using FF.2.0.0.14 on WinNT.

    Comment by paul — May 6, 2008 @ 1:14 pm

  7. SQL Injection is a serious problem and is happening more than one would think. Take WordPress, for instance. One of the last versions had an injection vulnerability. The problem is that if you update, something else breaks! :S Sometimes it’s just better to stick with the bad but working rather than the new and “unknown”.

    Comment by Seologia — June 5, 2008 @ 3:49 pm
