Star SQL Injection Attacks on IIS Web Servers
Linked by Thom Holwerda on Mon 28th Apr 2008 19:22 UTC, submitted by Hakime
Law and Order Last week, The Washington Post reported that hundreds of thousands of IIS webservers were hacked. Code was placed on them that installed malware on visitors' computers. Among the infectees were websites from the UK government and the United Nations. Initial reports said the attackers used a security vulnerability in Microsoft's IIS, but the company published more information on the attacks today, and denies IIS was compromised.
E-mail Print r 1   · Read More · 20 Comment(s) http://osne.ws/f6y
Permalink for comment 311761
To read all comments associated with this story, please click here.
RE[2]: Three Words
by gonzo on Mon 28th Apr 2008 21:24 UTC in reply to "RE: Three Words"
gonzo
Member since:
2005-11-10

Two words: stored procedures

Two words: Not necessarily.

Three words: No dynamic SQL

Two words: Unless parameterized.

Reply Parent Bookmark Score: 10