RE: New SQL Attack

, April 30, 2008 2:47 PM To: NT System Admin Issues Subject: RE: New SQL Attack I can see it right now, the IIS administrators blaming the programmers and the programmer blaming the IIS administrators... Then, they will come to the conclusion that it was the network administrator's fault because

RE: New SQL Attack

[mailto:[EMAIL PROTECTED] Sent: Monday, April 28, 2008 12:39 PM To: NT System Admin Issues Subject: Re: New SQL Attack It hit the intertubes over the last couple of weeks as a Big Thing until it finally came clear that this is all it was (SQL Injection with Cross Site Scripting faciliated

RE: New SQL Attack

It just seems like the same 'ol SQL injection with a bit of cross-site scripting to make it easier. From: Vue, Za [mailto:[EMAIL PROTECTED] Sent: Monday, April 28, 2008 2:54 PM To: NT System Admin Issues Subject: New SQL Attack Has anyone seen this?

Re: New SQL Attack

It hit the intertubes over the last couple of weeks as a Big Thing until it finally came clear that this is all it was (SQL Injection with Cross Site Scripting faciliated by inadequate input validation). Coding that didn¹t meet Best Practices somehow became an unpatched IIS issue... On 4/28/08