amungus Premium join:2004-11-26 America
reply to Name Game
Re: Mass SQL injection
I missed this, but it has just happened to hit our corner of the web. Not fun. Not fun for our web guru either.
SQL Injection making the rounds: »blog.washingtonpost.com/security···o_1.html
...My personal favorite... »ddanchev.blogspot.com/2008/04/un···are.html The UN serving up malware 
Anyway, it's a mess. Yes, better methods of coding won't let such an attack happen. Apparently there are LOTS of sites out there getting hit with this though...
---------------------
Anyone else hit with this?
Any good tips, besides re-coding things, to mitigate such an attack?
...Only other thing I've found is this: »www.aqtronix.com/?PageID=99
"What is it?
AQTRONIX WebKnight is an application firewall for IIS and other web servers and is released under the GNU General Public License. More particularly it is an ISAPI filter that secures your web server by blocking certain requests. If an alert is triggered WebKnight will take over and protect the web server. It does this by scanning all requests and processing them based on filter rules, set by the administrator. These rules are not based on a database of attack signatures that require regular updates. Instead WebKnight uses security filters as buffer overflow, SQL injection, directory traversal, character encoding and other attacks. This way WebKnight can protect your server against all known and unknown attacks. Because WebKnight is an ISAPI filter it has the advantage of working closely with the web server, this way it can do more than other firewalls and intrusion detection systems, like scanning encrypted traffic." (emphasis mine)
Looks like a great tool for IIS administrators. I'm trying it out tonight...
Thought I'd share the link to this software, and ask if anyone else here has dealt with this issue, and if so, how.
Thanks
mysec Premium join:2005-11-29
See also:
»isc.sans.org/diary.html?storyid=4393
»www.shadowserver.org/wiki/pmwiki···20080507
Note that these are Remote Code Execution exploits. The hacked pages have multiple iframes, each exploiting a different vulnerability, hoping to find an opening on the user's computer.
said by amungus: Any good tips, besides re-coding things, to mitigate such an attack?
Since most exploits these days have the end result of installing a trojan, one's security should include something to prevent downloading by remote code execution any executable not already installed on your computer.
I was able to get two of the exploits to run, showing how they can be blocked:
SQL exploit test