Anatomy of a SQL Injection Incident

Mass SQL injection coming to an IIS + ASP server near you . . .

Robert Hensing's Blog — Sat, 15 Mar 2008 12:21:14 GMT

My friend Neil has a pretty good post on the mass SQL injection stuff that was reported in the press

re: Anatomy of a SQL Injection Incident

anonymous — Mon, 17 Mar 2008 14:07:17 GMT

This seems to repeat what the Internet Storm Center wrote on Januari 9th, and they linked it back to November 2007.

re: Anatomy of a SQL Injection Incident

neilcar — Mon, 17 Mar 2008 16:20:06 GMT

You're quite right -- this looks like another wave of the same attack. I was aware of the earlier incidents but I hadn't seen any data from them.

re: Anatomy of a SQL Injection Incident

eponymous — Mon, 17 Mar 2008 22:09:57 GMT

isn't this the same or similar attack vector to the RIAA hack a few months ago

Se prémunir des attaques de type "SQL Injection"...

SQL Server, BizTalk Server, le 64 bits et au-delà !... — Wed, 19 Mar 2008 11:35:17 GMT

Pour mieux comprendre les risques auxquels sont exposées vos bases de données, il est intéressant

re: Anatomy of a SQL Injection Incident

Michael Doe — Sat, 22 Mar 2008 20:18:26 GMT

Hi Neil,

I work as System Engineer in a large ISP company and we are hosting a large number of legacy ASP applications which contain SQL Injection flaws. I have been using this tool when clients agree:

http://www.codeplex.com/IIS6SQLInjection

So far the results have been very good and I have not had problems (except that I cannot install in 64 bit). Do you know something about this tool? Is there a way to make it work in 64 bit?

Thanks,

P.S.: I am not using my real name to avoid problem with my clients.

Anatomy of a SQL Injection Incident

Microsoft Switzerland Security Blog — Wed, 26 Mar 2008 10:11:56 GMT

Blog Posting from Neil Carpenter: "A number of people are reporting that 10K+ Web sites have been hacked

Mass SQL Injection -- Get Used To It

Neil Carpenter's Blog — Fri, 04 Apr 2008 21:00:45 GMT

It looks like another wave of the mass SQL injection I talked about last month is going on.  The

SQLInjectionFinder

Neil Carpenter's Blog — Tue, 27 May 2008 20:51:27 GMT

My colleague Greg , who has forgotten more about command line scripting than I will ever know, put together

SQL Injection General Guidance

Microsoft Switzerland Security Blog — Wed, 28 May 2008 11:13:10 GMT

There s a lot of noise arround currently ongoig SQL injection attacks and even if that is quite an "old"

The latest SQL Injection Attacks

Roger's Security Blog — Fri, 30 May 2008 10:41:22 GMT

Well, there was quite some chatter over the last few weeks with regards to the massive defacements we

Inyección SQL... esta bajo ataque?

Todo es posible, nada es seguro — Mon, 16 Jun 2008 11:55:24 GMT

Hay muchos sitios y blogs que hablan sobre el tema de inyección SQL. Puede encontrar toda la información

SQL Injection attacks

Troubleshooting and Tips - Cindy Gross — Wed, 25 Jun 2008 03:17:56 GMT

<p>This year SQL injection attacks are being stepped up and even automated against SQL Server. While SQL injection attacks can occur against any DBMS, my blog will only address SQL Server.</p ...

SQL Injection Atacken

Schweizer IT Professional und TechNet Blog — Wed, 25 Jun 2008 09:03:07 GMT

Vielen von Ihnen ist es beretis bekannt, dass es seit einigen Monaten SQL injection Attacken gegen angreifbare

Análisis de logs de IIS utilizando Log Parser

Gabriel Carreras — Thu, 30 Apr 2009 15:48:18 GMT

Log Parser es una herramienta que permite analizar gran cantidad de datos de forma muy eficiente utilizando