http://cyberinsecure.com/another-sql-injection-worm-making-rounds-with-4000-websites-infected/ Daily cyber threats and internet security news: network security, online safety and latest security alerts Fri, 12 Mar 2010 13:06:54 +0000 http://wordpress.org/?v=abc http://cyberinsecure.com/another-sql-injection-worm-making-rounds-with-4000-websites-infected/#comment-340 Dave Tue, 13 May 2008 19:28:35 +0000 http://cyberinsecure.com/another-sql-injection-worm-making-rounds-with-4000-websites-infected/#comment-340 The method of attack is a POST to an SQL database. There are few if any scanners that detect the POST vulnerability if the code is GET protected. A manual review of any code having access to a database would be in order. Search all files for the following string "request.querystring". This string limits the SQL injection filtering to GETS and does not filter POSTS. To fix the problem, remove ".querystring". There may be other attack vectors but I have seen this one successful on sites scanned and found to be safe by several security scanners. The method of attack is a POST to an SQL database. There are few if any scanners that detect the POST vulnerability if the code is GET protected. A manual review of any code having access to a database would be in order. Search all files for the following string “request.querystring”. This string limits the SQL injection filtering to GETS and does not filter POSTS. To fix the problem, remove “.querystring”. There may be other attack vectors but I have seen this one successful on sites scanned and found to be safe by several security scanners.

]]>