[nsp-sec] Thoughts on the mass SQL injections
Seth Hall
hall.692 at osu.edu
Mon Jun 23 09:48:16 EDT 2008
I was doing a search on google for one of the domain names being
injected to add malicious javascript to web pages and I suddenly
realized that the combination of these domain names[1] and google
searches, malicious individuals could easily hunt for verified SQL
injection vulnerabilities. Based on my attacks against sites on our
network, I can only imagine how many of these sites have sensitive
data which is just waiting for someone to come along and take
advantage of it.
To the Google guys, is anyone there working to remove or hide these
results from searches? It seems like it could be a boon to the
internet community at large if these vulnerable sites weren't quite so
easy to find.
.Seth
1. http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the nsp-security
mailing list