Powerful, simple new mass SQL injection attack opens 180K sites

Exploit, related to last spring's Liza Moon, is simple and highly adaptable

By  

Here is Armorize's more detailed decode of the mass injection script.

The actual malicious code is obfuscated: the letters of the script are replaced with their numeric character codes, so the payload is concealed as the malware passes through firewalls.

The tool searches for sites that are vulnerable to this particular attack, and directs itself against those sites, Rothacker writes.

There's no easy way to close the database's exposure to this attack except to "harden" it: apply all available patches and enforce its security requirements consistently. Monitoring the database for unusual activity is important, too.
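The two points above, that the payload hides letters behind numeric character codes and that the database and its front end should be monitored for unusual activity, can be combined into a simple log check. The following is an added example written for this page, not code from Armorize, Rothacker or ITworld; it assumes the obfuscation takes the form of decimal code lists inside `CHAR(...)` (SQL) or `String.fromCharCode(...)` (JavaScript), and the request lines it scans are constructed samples.

```python
import re
from typing import Dict, List

# Assumed encoding style: a comma-separated list of decimal character codes
# wrapped in CHAR(...) or String.fromCharCode(...). Real payloads may use
# other wrappers; extend the alternation if your logs show them.
_CHARCODE_RE = re.compile(
    r"(?:CHAR|String\.fromCharCode)\s*\(\s*((?:\d{1,3}\s*,\s*)*\d{1,3})\s*\)",
    re.IGNORECASE,
)

# Keywords that are suspicious inside a *decoded* request parameter.
# This is a detection hint, not an exhaustive signature list.
SUSPICIOUS_KEYWORDS = (
    "SELECT", "UPDATE", "INSERT", "DECLARE", "EXEC", "UNION", "CAST", "<SCRIPT",
)

# Constructed sample log lines (not real traffic): one benign, two obfuscated.
SAMPLE_REQUESTS = [
    "GET /page.asp?id=42 HTTP/1.1",
    "GET /page.asp?id=1%20CHAR(83,69,76,69,67,84,32,49) HTTP/1.1",
    "GET /page.asp?id=1%20String.fromCharCode(85,80,68,65,84,69) HTTP/1.1",
]


def decode_charcodes(text: str) -> str:
    """Replace each CHAR(...)/fromCharCode(...) code list with the text it spells."""

    def _sub(match: "re.Match[str]") -> str:
        codes = [int(c) for c in match.group(1).split(",")]
        # Decode printable ASCII only; anything else becomes '?' to keep output readable.
        return "".join(chr(c) if 32 <= c < 127 else "?" for c in codes)

    return _CHARCODE_RE.sub(_sub, text)


def scan_request(line: str) -> Dict[str, object]:
    """Decode one request line and report whether it looks like an injection attempt."""
    decoded = decode_charcodes(line)
    upper = decoded.upper()
    hits = [kw for kw in SUSPICIOUS_KEYWORDS if kw in upper]
    return {
        "raw": line,
        "decoded": decoded,
        # A line that changed under decoding carried obfuscated content, which is
        # a stronger signal than a bare keyword match.
        "obfuscated": decoded != line,
        "keywords": hits,
    }


def scan_log(lines: List[str]) -> List[Dict[str, object]]:
    """Return only the lines that contain suspicious keywords after decoding."""
    return [r for r in (scan_request(line) for line in lines) if r["keywords"]]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_REQUESTS):
        print(f"{finding['keywords']} obfuscated={finding['obfuscated']}: {finding['decoded']}")
```

Keyword matching alone will flag innocent paths such as `/select-plan`, so in practice the `obfuscated` flag (the line changed when decoded) is the field worth alerting on first; a plain keyword hit is better treated as a lower-severity signal for a reviewer.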

The key is to keep the injections out in the first place.

To do that, the main web server should require other web applications to present credentials that both prove their identity and grant them permission to access the site, rather than letting any unauthenticated process launch new code, Rothacker writes.

Users should also have explicit limits on their access. Unknown or newly registered users should get no more than read access, except to the most basic information and to forms whose submitted content is analyzed to reduce the chance that it already contains malicious code.
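The advice in the last three paragraphs, keep the injection out at the application layer and give low-trust users read access only, is shown below in a small SQLite example. This is an added example, not code from the article or from Rothacker; the `articles` table and its rows are constructed, and SQLite's authorizer hook stands in for the read-only account a production database would use.

```python
import sqlite3
from typing import List, Tuple

# Least-privilege policy: a low-trust session may SELECT and READ columns,
# and nothing else (no INSERT/UPDATE/DELETE, no schema changes).
READ_ONLY_ACTIONS = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}


def read_only_authorizer(action, arg1, arg2, db_name, trigger_or_view):
    """SQLite authorizer callback: allow reads, deny every other action."""
    return sqlite3.SQLITE_OK if action in READ_ONLY_ACTIONS else sqlite3.SQLITE_DENY


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with one public and one non-public row (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO articles (title, public) VALUES (?, ?)",
        [("Welcome", 1), ("Internal roadmap", 0)],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, title: str) -> List[Tuple[int, str]]:
    """Vulnerable form: user text is concatenated into the SQL statement."""
    sql = "SELECT id, title FROM articles WHERE public = 1 AND title = '" + title + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, title: str) -> List[Tuple[int, str]]:
    """Hardened form: the value is bound as a parameter, so it can never alter the query."""
    return conn.execute(
        "SELECT id, title FROM articles WHERE public = 1 AND title = ?", (title,)
    ).fetchall()


def restrict_to_read(conn: sqlite3.Connection) -> sqlite3.Connection:
    """Apply the read-only policy to a session used by unknown or newly registered users."""
    conn.set_authorizer(read_only_authorizer)
    return conn


def try_write(conn: sqlite3.Connection) -> bool:
    """Return True if a write succeeded, False if the authorizer blocked it."""
    try:
        conn.execute("UPDATE articles SET public = 1")
        return True
    except sqlite3.DatabaseError:  # SQLITE_AUTH surfaces as a DatabaseError
        return False


if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"
    print("unsafe:", lookup_unsafe(conn, probe))   # leaks the non-public row
    print("safe:  ", lookup_safe(conn, probe))     # matches nothing
    restrict_to_read(conn)
    print("write allowed after restriction:", try_write(conn))
```

The two controls are complementary: parameter binding stops the query from being rewritten in the first place, while the read-only policy limits what a session can do if some other path still lets unexpected SQL through. Note that the authorizer does not stop the unsafe lookup from over-reading; it only prevents modification, which is exactly the "no more than read access" limit the text describes.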

Read more of Kevin Fogarty's CoreIT blog and follow the latest IT news at ITworld. Follow Kevin on Twitter at @KevinFogarty. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.
