Encoded Automated SQL Injection Attacks

Download Now Free registration required

Executive Summary

Off late NetSPI has seen a sharp increase m encoded automated SQL injection attacks against Internet-facing web applications. At the time of publication, it estimate that more than 2.5 million web pages have been infected to date by over 350 known attack URLs. The primary characteristic of these attacks is a binary encoded SQL command injected in the database through a vulnerable web page-Once the command is executed; the database is scoured for text-based fields, which are updated with a simple JavaScript redirect. This script sends unsuspecting web site visitors to a malicious site where they will inadvertently download and install malware.

  • Format: PDF
  • Size: 197.74 KB