[nsp-sec] Thoughts on the mass SQL injections
Chris Morrow
morrowc at ops-netman.net
Mon Jun 23 12:48:57 EDT 2008
On Mon, 23 Jun 2008, Seth Hall wrote:
>
> On Jun 23, 2008, at 11:58 AM, Chris Morrow wrote:
>> I think, thought someone chunked the particular query type 2+ weeks ago so
>> it'd return nothing or some interstitial page... if there's an example
>> query I can take a poke around.
>
>
> I don't really know what could be done to filter these results from the
> search engine, but here's an example of what I'm talking about...
> http://www.google.com/search?q=wow112
>
> It comes back with a lot of sites with definite SQL injection
> vulnerabilities. I checked the first site that showed up, and it looks like
> they cleaned up the content on the page but they're still vulnerable to SQL
> injection attacks. Because all of these sites are pretty certain to be MSSQL
> behind ASP and tools already exist for dumping the database schema in this
> scenario (a tool named HackomatiX, but its site's down) it doesn't take too
> much of a stretch of the imagination to foresee a malicious individual
> writing a script that grabs all sorts of sensitive data from these sites.
>
> Doing a search for the second level domain of almost any of the names on
> http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514 comes up with
> similar results.
ah! ok... sorry, so I thought this was one of the variants of the search
for *.asp as a page name with some other fingerprint for content ... which
I think was 'blocked' about 2 weeks ago.
-Chris