[nsp-sec] Thoughts on the mass SQL injections

Smith, Donald Donald.Smith at qwest.com
Mon Jun 23 15:07:51 EDT 2008 


Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac 

> -----Original Message-----
> From: nsp-security-bounces at puck.nether.net 
> [mailto:nsp-security-bounces at puck.nether.net] On Behalf Of Seth Hall
> Sent: Monday, June 23, 2008 10:40 AM
> To: Chris Morrow
> Cc: nsp-security NSP
> Subject: Re: [nsp-sec] Thoughts on the mass SQL injections
> 
> ----------- nsp-security Confidential --------
> 
> 
> On Jun 23, 2008, at 11:58 AM, Chris Morrow wrote:
> > I think, thought someone chunked the particular query type 
> 2+ weeks  
> > ago so it'd return nothing or some interstitial page... if there's  
> > an example query I can take a poke around.
> 
> 
> I don't really know what could be done to filter these results from  
> the search engine, but here's an example of what I'm talking about...
>    http://www.google.com/search?q=wow112

Filtering those out of google only "fixes" one search engine.
There are a lot of search engines out there do we expect to get this
type of "cooperation" from other search engine owners?

Speaking of which are there other search engine owners we should have on
this list?


> 
> It comes back with a lot of sites with definite SQL injection  
> vulnerabilities.  I checked the first site that showed up, and it  
> looks like they cleaned up the content on the page but they're still  
> vulnerable to SQL injection attacks.  Because all of these sites are  
> pretty certain to be MSSQL behind ASP and tools already exist for  
> dumping the database schema in this scenario (a tool named 
> HackomatiX,  
> but its site's down) it doesn't take too much of a stretch of the  
> imagination to foresee an malicious individual writing a script that  
> grabs all sorts of sensitive data from these sites.
> 
> Doing a search for the second level domain of almost any of 
> the names  
> on http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514  
> comes up with similar results.
> 
>    .Seth
> 
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
> 
> 
> 
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
> 
> Please do not Forward, CC, or BCC this E-mail outside of the 
> nsp-security
> community. Confidentiality is essential for effective 
> Internet security counter-measures.
> _______________________________________________
> 
> 


This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly 
prohibited and may be unlawful.  If you have received this communication 
in error, please immediately notify the sender by reply e-mail and destroy 
all copies of the communication and any attachments.

More information about the nsp-security mailing list