[nsp-sec] Thoughts on the mass SQL injections
Yonglin ZHOU
yonglin.zhou at gmail.com
Mon Jun 23 21:49:36 EDT 2008
Hi Seth,
On 6/24/08, Seth Hall <hall.692 at osu.edu> wrote:
> ----------- nsp-security Confidential --------
>
>
> On Jun 23, 2008, at 11:58 AM, Chris Morrow wrote:
>> I think, thought someone chunked the particular query type 2+ weeks
>> ago so it'd return nothing or some interstitial page... if there's
>> an example query I can take a poke around.
>
>
> I don't really know what could be done to filter these results from
> the search engine, but here's an example of what I'm talking about...
> http://www.google.com/search?q=wow112
When I trid it I did get a great deal of result. But most of them are
pages talking about the SQL injection attacks in articles. I think
this case is not a good choice for bad guy already.
Talking about t filtering potential dangerious queries, I think it is
not fair to only ask google to do that and other search engine vedors
not. Anyway they have competations.
Besides, maybe to make a standard of malicous queries block for all
the search engine is necessary. Then CSIRT teams could provide
keywords in uniform format for their easy use.
Just my 2 cents.
Yonglin.
>
> It comes back with a lot of sites with definite SQL injection
> vulnerabilities. I checked the first site that showed up, and it
> looks like they cleaned up the content on the page but they're still
> vulnerable to SQL injection attacks. Because all of these sites are
> pretty certain to be MSSQL behind ASP and tools already exist for
> dumping the database schema in this scenario (a tool named HackomatiX,
> but its site's down) it doesn't take too much of a stretch of the
> imagination to foresee an malicious individual writing a script that
> grabs all sorts of sensitive data from these sites.
>
> Doing a search for the second level domain of almost any of the names
> on http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20080514
> comes up with similar results.
>
> .Seth
>
> ---
> Seth Hall
> Network Security - Office of the CIO
> The Ohio State University
> Phone: 614-292-9721
>
>
>
> _______________________________________________
> nsp-security mailing list
> nsp-security at puck.nether.net
> https://puck.nether.net/mailman/listinfo/nsp-security
>
> Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
> community. Confidentiality is essential for effective Internet security
> counter-measures.
> _______________________________________________
>
--
-------[CNCERT/CC]-----------------------------------------------
Zhou, Yonglin 【周勇林】
CNCERT/CC, P.R.China 【国家计算机网络应急技术处理协调中心】
Tel: +86 10 82990355 Fax: +86 10 82990399 Web: www.cert.org.cn
Finger Print: 9AF3 E830 A350 218D BD2C 2B65 6F60 BEFB 3962 1C64
-----------------------------------------------[CNCERT/CC]-------
More information about the nsp-security
mailing list