, April 30, 2008 2:47 PM
To: NT System Admin Issues
Subject: RE: New SQL Attack
I can see it right now, the IIS administrators blaming the programmers
and the programmer blaming the IIS administrators...
Then, they will come to the conclusion that it was the network
administrator's fault because
[mailto:[EMAIL PROTECTED]
Sent: Monday, April 28, 2008 12:39 PM
To: NT System Admin Issues
Subject: Re: New SQL Attack
It hit the intertubes over the last couple of weeks as a Big Thing until it
finally came clear that this is all it was (SQL Injection with Cross Site
Scripting faciliated
It just seems like the same 'ol SQL injection with a bit of cross-site
scripting to make it easier.
From: Vue, Za [mailto:[EMAIL PROTECTED]
Sent: Monday, April 28, 2008 2:54 PM
To: NT System Admin Issues
Subject: New SQL Attack
Has anyone seen this?
It hit the intertubes over the last couple of weeks as a Big Thing until it
finally came clear that this is all it was (SQL Injection with Cross Site
Scripting faciliated by inadequate input validation). Coding that didnĀ¹t
meet Best Practices somehow became an unpatched IIS issue...
On 4/28/08