zed260
join:2007-09-30 Cleveland, TN
IIS hacked
»blog.washingtonpost.com/security···rss_blog
lol, looks like MS has a big problem on their hands
jaykaykay 4 Ever Young Premium, MVM
join:2000-04-13 Scottsdale, AZ
And this is something to laugh at...why?
zed260
join:2007-09-30 Cleveland, TN
reply to zed260
well it just proves how foolish ppl are to trust MS for web servers
jaykaykay 4 Ever Young Premium, MVM
join:2000-04-13 Scottsdale, AZ
reply to zed260
Is there any server that is to be trusted 100%? MS is no different than anyone else, IMHO...no better and no worse.
Steve I'm a PC, so shut up Consultant
join:2001-03-10 Yorba Linda, CA
reply to zed260
said by zed260: well it just proves how foolish ppl are to trust MS for web servers
It proves nothing of the sort: I believe this is the first remote vuln in IIS6 - it's had a spectacular security record for years now.
zed260
join:2007-09-30 Cleveland, TN
reply to zed260
anyway, I personally would not trust MS for web servers; I prefer Linux,
but for desktop I prefer Windows because of application compatibility
ihaddsl
join:2001-12-05 /dev/hda0
·Comcast
reply to zed260
I'm not sure this is actually an IIS flaw; from what I've read, this looks like an SQL injection attack against unprotected ASP pages (used to inject a link to a malicious URL, which then in turn exploits visitors' computers via some published MS vulnerabilities).
Anyone have any better info?
Steve I'm a PC, so shut up Consultant
join:2001-03-10 Yorba Linda, CA
I don't think so: the article references Microsoft Advisory 951306, which suggests it's not an application thing.
-- Stephen J. Friedl | Unix Wizard | Microsoft Security MVP | Tustin, California USA | my web site
ihaddsl
join:2001-12-05 /dev/hda0
·Comcast
1 edit
said by Steve: I don't think so: the article references Microsoft Advisory 951306, which suggests it's not an application thing.
The article is a little confusing on this point - it seems to make reference to this recent spate of attacks as this is what has affected the UN and several UK govt sites; however, from information I've read this attack is a pure SQL injection vector.
So, either the article is incorrect in this regard, or the IIS vuln is somehow also implicated, or this is a completely unrelated attack vector. Not sure which at this time.
braden
join:2001-12-12 Aliso Viejo, CA
reply to zed260
Thanks for expressing your opinions, zed. Helps keep my ignore list at its most effective.
bobince
join:2002-04-19 DE
reply to zed260
It's nothing to do with IIS, or Q951306. It's an automated SQL injection hack hitting poorly-written web applications that aren't escaping parameters when they put together SQL statements.
The reason it affects predominantly sites hosted on IIS is that the injection code is written for SQL Server, and SQL Server users are typically MS shops also running IIS.
Many PHP applications running on Apache are similarly poorly-written, but they tend to use MySQL as the backend instead. Whilst there are still problems with allowing SQL injection on MySQL, the situation isn't quite as bad as with SQL Server because MySQL doesn't permit multiple SQL commands to be chained into one query. This makes it impossible to craft the more complicated exploits like this one, which executes statements to insert the bogus content into other database tables.
Whether you code in ASP, PHP, or anything else, you really need to stop making SQL statements by blindly concatenating strings, guys.
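The concatenation problem bobince describes, as an added example that is not from the thread: sqlite3 stands in for the database (SQL Server's statement batches versus MySQL's single statement are mimicked with executescript() versus execute()), the tables and the tainted parameter are constructed, and the "bogus content" is a harmless comment marker rather than a link.

```python
import sqlite3
MARK = "<!-- injected -->"  # constructed, harmless stand-in for the bogus link

def setup_db():
    """Constructed in-memory stand-in for the thread's SQL Server backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE pages (id INTEGER PRIMARY KEY, body TEXT);
        INSERT INTO products (name) VALUES ('widget'), ('gadget');
        INSERT INTO pages (body) VALUES ('<p>Welcome</p>');""")
    return conn

def page_body(conn):
    return conn.execute("SELECT body FROM pages WHERE id = 1").fetchone()[0]

def lookup_concat(conn, product_id, chained_ok):
    """Vulnerable: the request parameter is spliced into the statement text.
    chained_ok mimics a backend that runs statement batches (True, SQL Server)
    or only a single statement per query (False, MySQL)."""
    sql = "SELECT name FROM products WHERE id = " + product_id
    if chained_ok:
        return conn.executescript(sql)  # every statement in the string runs
    return conn.execute(sql).fetchall()  # sqlite3 raises on a second statement

def lookup_param(conn, product_id):
    """Hardened: the value is bound, so it can never alter statement structure."""
    return conn.execute("SELECT name FROM products WHERE id = ?",
                        (product_id,)).fetchall()

# Constructed tainted parameter: a value followed by a chained UPDATE.
TAINTED = "1; UPDATE pages SET body = body || '%s'" % MARK

def demo():
    out = {}
    conn = setup_db()                        # batch-capable backend
    lookup_concat(conn, TAINTED, chained_ok=True)
    out["concat_chained_modified"] = MARK in page_body(conn)
    conn = setup_db()                        # single-statement backend
    try:
        lookup_concat(conn, TAINTED, chained_ok=False)
        out["concat_single"] = "ran"
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        out["concat_single"] = "rejected"    # the MySQL-style limit bobince notes
    out["concat_single_modified"] = MARK in page_body(conn)
    conn = setup_db()                        # parameterised: bound as text, no match
    out["param_tainted_rows"] = lookup_param(conn, TAINTED)
    out["param_modified"] = MARK in page_body(conn)
    out["param_legit_rows"] = lookup_param(conn, "2")
    return out
```

Only the concatenated query against the batch-capable backend ends up with the marker in the pages table; the bound parameter is compared as a value and matches nothing.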
Steve I'm a PC, so shut up Consultant
join:2001-03-10 Yorba Linda, CA
said by bobince: Whether you code in ASP, PHP, or anything else, you really need to stop making SQL statements by blindly concatenating strings, guys.
I wholeheartedly agree
seqrets Premium
join:2001-05-03 Nederland, TX
reply to zed260
Slashdot had a post on it yesterday.
»it.slashdot.org/article.pl?sid=0···from=rss