Automated SQL Injection Critically Compromises Websites
According to Rapid7, a provider of security solutions to business organizations, on May 13, 2008, several Websites that came under SQL injection attack have been affected after their content got modified. This has resulted in malware installation onto all those computers that accessed those sites.
Security Researchers at Rapid7 said that these Websites were susceptible to SQL injection and those that were succumbed to hack with the use of this automated toolkit. Furthermore, by running a Google search for the malware-loaded server name, attackers could know the sites that had been already hacked.
In the attack using the "winzipices.cn" SQL injection, the target was on Web programs based on Microsoft's SQL Se...
» SPAMfighter News - 19-05-2008