Simon Willison’s Weblog

26th April 2008 - Link Blog

Mass Attack FAQ. Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised.

Posted 26th April 2008 at 9:12 am

Recent articles

Anthropic's Project Glasswing - restricting Claude Mythos to security researchers - sounds necessary to me - 7th April 2026
The Axios supply chain attack used individually targeted social engineering - 3rd April 2026
Highlights from my conversation about agentic engineering on Lenny's Podcast - 2nd April 2026

This is a link post by Simon Willison, posted on 26th April 2008.

iis 2 massattack 1 security 595 sql 111 sql-injection 18 sqlserver 3 xss 60

Monthly briefing

Sponsor me for $10/month and get a curated email digest of the month's most important LLM developments.

Pay me to send you less!

Sponsor & subscribe