Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive SQL Injection Attack Compromises 380K URLs

Posted by CmdrTaco on Thursday March 31, 2011 @03:31AM from the that's-a-lot-of-compromise dept.

Orome1 writes "A massive SQL injection attack campaign has been spotted by Websense researchers, and the number of unique URLs affected by it has risen from 28,000 when first detected yesterday, to 380,000 when the researchers last checked. The injected script redirects users that have landed on the various infected pages to the domain in the script, which then redirects them further to a website simulating an anti-malware check and peddling a rogue AV solution."

1 of 117 comments (clear)

Min score:

Reason:

Sort:

HERE IS THE ACTUAL ATTACK CODE.... by Anonymous Coward · 2011-03-31 07:06 · Score: 3, Informative

The article is sorely missing any useful information as to what the attack is and how to protect against it....
http://stackoverflow.com/questions/3761064/need-help-with-this-xss-attack
Currently, it is aimed at IIS/MS-SQL web sites that have input forms that aren't validating the input and neutralizing HTML tags