Simon Willison’s Weblog

Blogmarks tagged xss, security, sqlinjection, massattack

Filters: Type: blogmark × xss × security × sqlinjection × massattack ×

Mass Attack FAQ. Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised. # 26th April 2008, 9:12 am