[nsp-sec] Thoughts on the mass SQL injections
Seth Hall
hall.692 at osu.edu
Mon Jun 23 12:40:10 EDT 2008
On Jun 23, 2008, at 11:58 AM, Chris Morrow wrote:
> I think, thought someone chunked the particular query type 2+ weeks
> ago so it'd return nothing or some interstitial page... if there's
> an example query I can take a poke around.
I don't really know what could be done to filter these results from
the search engine, but here's an example of what I'm talking about...

http://www.google.com/search?q=wow112

It comes back with a lot of sites with definite SQL injection
vulnerabilities. I checked the first site that showed up, and it
looks like they cleaned up the content on the page but they're still
vulnerable to SQL injection attacks. Because all of these sites are
pretty certain to be MSSQL behind ASP and tools already exist for
dumping the database schema in this scenario (a tool named HackomatiX,
but its site's down) it doesn't take too much of a stretch of the
imagination to foresee a malicious individual writing a script that
grabs all sorts of sensitive data from these sites.

Doing a search for the second level domain of almost any of the names
on http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514
comes up with similar results.
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721