Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input - 6/24/2008 |
|
| BugsAlert Home > Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input - 6/24/2008 | |
|
Revision Note: Advisory published. Advisory Summary:Microsoft is aware of a recent escalation in a class of attacks targeting Web sites that use Microsoft ASP and ASP.NET technologies but do not follow best practices for secure Web application development. These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database. When a SQL injection attack succeeds, an attacker can compromise data stored in these databases and possibly execute remote code. Clients browsing to a compromised server could be forwarded unknowingly to malicious sites that may install malware on the client machine. Original Source: http://www.microsoft.com/technet/security/advisory/954462.mspx Learn more about Microsoft Security Advisory (954462): Rise in SQL Injection Attacks Exploiting Unverified User Data Input - 6/24/2008 |
|
|
Tags: microsoft security advisory 954462 rise sql injection attacks exploiting unverified user data input 2008 |
|
Related Items |
|
|
Joomla PaxGallery Component "gid" SQL Injection Vulnerability
|
|
|
Vuln: RadASM '.rap' Project File Buffer Overflow Vulnerability
|
|
|
Bugtraq: Motorola Timbuktu's Internet Locator Service real-time data exposed to public.
|
|
|
Serious security flaw found in IE
|
|
|
WORM_SILLY.CZ
|
|
|
CVE-2008-3780 (five_star_review_script)
|
|
|
FrSIRT - Firebird 2 Denial of Service and Information Disclosure Vulnerabilities
|
|
