Slashdot Mirror


Google Bots Doing SQL Injection Attacks

ccguy writes "It seems that while Google could really care less about your site and has no real interest in hacking you, their automated bots can be used to do the heavy lifting for an attacker. In this scenario, the bot was crawling Site A. Site A had a number of links embedded that had the SQLi requests to the target site, Site B. Google Bot then went about its business crawling pages and following links like a good boy, and in the process followed the links on Site A to Site B, and began to inadvertently attack Site B."

4 of 156 comments

  1. Re:HTTP RFC - Section 9.1 Safe and Idempotent Meth by Anonymous Coward · Score: 5, Funny

    This is Slashdot. What do we know about GET HEAD methods?

  2. Re:could not care less by Anonymous Coward · Score: 5, Funny

    Means the same thing irregardless.

  3. Re:How about Yahoo "bots", Bing "bots" ? by Kalriath · Score: 1, Funny

    You must work for some really shit firms, cause it's a well known fact that what you're saying is bullshit.

    --
    For a site about things like basic rights, Slashdot users sure do like to censor "dissent".

  4. Re:Read RFC 2616: Safe and Idempotent Methods .. by mysidia · Score: 1, Funny

    I don't get it. What's unsafe about "select * from catalog where id=".$_GET["id"]?

    Dude... you forgot to encrypt your databases.... it should be

    $catalogname = str_rot13('catalog'); $idname = str_rot13('id');

    $id = str_replace(';', '', $id, ); ... "select * from $catalogname where $idname=".$id

    Make sure to insist that register_globals is set to On in the PHP settings for the web server.
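
An added example, not part of the Slashdot thread or anyone's posted code: it runs the concatenated `catalog` query from the last comment, with its strip-the-semicolons filter, against a link of the kind a crawler would follow from Site A, next to a bound-parameter version. The SQLite table, the `hidden` column, the function names and the `site-b.example` URLs are all constructed for illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit, parse_qs

def make_db():
    """Constructed sample data standing in for Site B's catalog table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE catalog (id INTEGER PRIMARY KEY, name TEXT, hidden INTEGER)")
    db.executemany("INSERT INTO catalog VALUES (?, ?, ?)",
                   [(1, "widget", 0), (2, "gadget", 0), (3, "unreleased", 1)])
    return db

def id_param(url):
    """Raw 'id' query parameter, URL-decoded, as a web framework would hand it over."""
    return parse_qs(urlsplit(url).query).get("id", [""])[0]

def lookup_concat(db, url):
    """Vulnerable: string concatenation, plus the comment's semicolon filter."""
    raw = id_param(url).replace(";", "")
    sql = "SELECT name FROM catalog WHERE hidden = 0 AND id=" + raw
    return [row[0] for row in db.execute(sql)]

def lookup_bound(db, url):
    """Hardened: reject anything that is not a short decimal id, then bind it."""
    raw = id_param(url)
    if not re.fullmatch(r"[0-9]{1,9}", raw):
        return []  # refuse the request instead of trying to "clean" the value
    sql = "SELECT name FROM catalog WHERE hidden = 0 AND id = ?"
    return [row[0] for row in db.execute(sql, (int(raw),))]

# Constructed links as they might sit on Site A. A crawler fetches them verbatim
# with GET, so who sent the request (User-Agent, source IP) says nothing about it.
BENIGN = "http://site-b.example/item?id=2"
CRAFTED = "http://site-b.example/item?id=2%20OR%201=1"

if __name__ == "__main__":
    db = make_db()
    for url in (BENIGN, CRAFTED):
        print(url)
        print("  concatenated:", lookup_concat(db, url))
        print("  bound       :", lookup_bound(db, url))
```

The crafted link contains no semicolon, so the filter changes nothing and the concatenated query returns every row, including the hidden one; the bound version returns nothing for it.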