|
|
| Author |
Message |
windshell
Administrator
Joined: 15 Nov 2006
Posts: 1578
|
 Posted: 05/02/08 - 05:47 Post subject: SQL Injections - Threat for thousands of sites and gamers
|
|
|
The dynamic nature of websites, powered by back-end databases made thousands of them possible targets for injections of malicious code.
Three domains have been found to host malicious exploits that hit users while they searching the Internet. Those sites are: nmidahena.com, aspder.com and nihaorr1.com. Links to this content are turning up in thousands of links to otherwise innocent websites, thanks to almost unstoppable outbreak of SQL injection attacks.
Approximately 510,000 pages are affected by the attacks on a variety of sites.
Point of this attacks is that the bad people want to drop a gaming Trojan on victims’ systems. With ten million players alone on World of Warcraft, and thousands more on other online games, such Trojans could grab login credentials and steal billing information or in-game valuables.
It’s been found that those attacks now seek out all of the text fields in the database, adding a link to malicious JavaScript to them. The attackers especially look for .asp and .aspx pages.
Any site that offers the ability of content upload, from blogs to forum, could be at risk from the attacks. It’s been suggested however, that webmasters often check their server logs for a section of the injection code they listed in this latest post about the attacks. If it's present, the database needs to be cleaned up, and the application fixed to sanitize incoming content.
News source:
ientry.com
|
|
|
Back to top
|
|
|
|
 |
r1ky
Super Moderator
Joined: 18 Jul 2007
Posts: 2429
Location: <--
|
|
Posted: 05/02/08 - 06:16 Post subject:
|
|
|
this is bad this is bad this is bad this is bad this is bad this is bad
I don't want to be hacked:(
|
|
|
Back to top
|
|
|
|
|
Odus
Super Moderator
Joined: 06 Oct 2007
Posts: 2587
Location: The 4th Dimension
|
|
Posted: 05/02/08 - 07:24 Post subject:
|
|
|
|
Was this why uploading screenshots was disabled or was that part of script errors from database loss?
|
|
|
Back to top
|
|
|
|
|
windshell
Administrator
Joined: 15 Nov 2006
Posts: 1578
|
|
Posted: 05/02/08 - 07:25 Post subject:
|
|
|
|
Nope, I think it's due to database issues.
|
|
|
Back to top
|
|
|
|
|
asdasdasd
Supporter
Joined: 11 Feb 2008
Posts: 635
Location: Vacation. Leaving July 1. Crawling back in September where I will see BloodyBaron bow down to me!
|
|
Posted: 05/04/08 - 11:57 Post subject:
|
|
|
|
i know that people use sql inject exploits on forums such as ipb and phbb and such.
|
|
|
Back to top
|
|
|
|
|
mr_bigman
Supporter
Joined: 25 Mar 2008
Posts: 58
|
|
Posted: 05/06/08 - 16:06 Post subject:
|
|
|
|
im curious, are you saying that SQL injection is a *new* threat?
|
|
|
Back to top
|
|
|
|
|
CompleteGibberish
Administrator
Joined: 09 Feb 2007
Posts: 6182
|
|
Posted: 05/20/08 - 12:35 Post subject:
|
|
|
|
No, he is not. It has been around some 5-6 years, but it is now mainstream targeting groups that could effect gamers
|
|
|
Back to top
|
|
|
|
|
|
|
