A company I know has discovered that all of the sites it built in the late 1990s and early 2000s are vulnerable to SQL injection attacks, where a malicious user can obtain the contents of the database (or do other nasty things) without much effort. Every single one. I recently found (and patched) a similar problem in Syfy Portal's code. (No, I didn't write it, thankfully, but I could have.)
Turns out that SQL injection isn't the only way to perform this attack.
Good advice here.