SQL Iframe Injection resources

Posted on April 17th, 2008 in Domain News,iframes by dglosser

Tens of thousands of legitimate websites have been compromised and have had code added that redirects visitors to malicious websites. The injected tags look like the following (obfuscated: periods replaced with spaces, http changed to hxxp):

  • <script src="hxxp://www aspder com/1 js"></script>
  • <script src="hxxp://www 414151 com/fjp js"></script>
  • <script src="hxxp://www nihaorri com/1 js"></script>

Other domains used include:

  • banner82 com
  • wowgm1 cn
  • direct84 com
  • wowgm2 cn
  • killwow1 cn
  • wowyeye com
  • vb008 cn
  • 9i5t cn
  • computershello com

A large number of these tags are being inserted through SQL injection: a form field or query string parameter is concatenated straight into a SQL statement. Every form field and query string value needs type checking and validation, and the queries themselves should use parameters rather than string concatenation.

Here are some forum posts from other website owners who are discussing this:

http://forums.iis.net/p/1148917/1867511.aspx

http://wooway.spaces.live.com/blog/cns!901DBAB8922809A5!1779.entry

http://www.webhostingtalk.com/showthread.php?t=686032

http://www.webhostingtalk.com/showthread.php?p=5064963

http://forums.iis.net/p/1148917/1867622.aspx

http://www.greensql.net/

http://www.experts-exchange.com/Security/Vulnerabilities/Q_23408074.html

There are even automated tools the bad guys use to discover vulnerable web sites. The exploit itself was a single SQL statement that appended a script tag to the text stored in the site's database, so that every HTML page rendered from that data carried it.
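As an added example (not code from the original post), the following Python script models the attack and the fix described above using an in-memory SQLite database. A page-view counter concatenates a query string value into SQL, with `executescript` standing in for a database driver that executes stacked statements, as the drivers on the affected sites did; the same counter is then written with a type check and a bound parameter. The script also scans every text column of every table for remote script tags, which is the check to run on a site you suspect was hit, and strips them. The table, the column names and the obfuscated script URL are constructed for the example.

```python
"""Mass SQL injection of script tags: vulnerable vs. hardened query, plus a
scan-and-clean pass over the database.  Added example, not from the original
post; SQLite stands in for the SQL Server back ends hit in 2008."""
import re
import sqlite3

# Constructed payload, obfuscated like the tags in the post (hxxp, spaces for dots).
INJECTED_TAG = '<script src="hxxp://www example com/1 js"></script>'

# The attacker controls page_id (a query string value).  A driver that runs
# stacked statements executes the second UPDATE as well as the first.
ATTACK_PAGE_ID = "1; UPDATE pages SET body = body || '" + INJECTED_TAG + "'"

SCRIPT_TAG = re.compile(r"<script[^>]*src=[^>]*>\s*</script>", re.IGNORECASE)


def make_db():
    """Constructed sample site content: two pages with HTML bodies."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT,
                            views INTEGER NOT NULL DEFAULT 0);
        INSERT INTO pages (id, title, body) VALUES (1, 'Home', '<p>Welcome</p>');
        INSERT INTO pages (id, title, body) VALUES (2, 'About', '<p>About us</p>');
    """)
    return conn


def count_view_vulnerable(conn, page_id):
    """Classic ASP/ADO style: the SQL is built by string concatenation and the
    whole string is handed to the driver.  executescript models a driver that
    executes every statement in the string, including ones the attacker added."""
    sql = "UPDATE pages SET views = views + 1 WHERE id = " + page_id
    conn.executescript(sql)


def count_view_safe(conn, page_id):
    """Validate the type first, then bind the value as a parameter so the
    driver never parses attacker input as SQL."""
    pid = int(page_id)  # raises ValueError for anything that is not an integer
    conn.execute("UPDATE pages SET views = views + 1 WHERE id = ?", (pid,))
    conn.commit()


def find_injected(conn):
    """Scan every text column of every user table for a remote script tag.
    Returns (table, column, rowid) tuples.  Table and column names come from
    the schema catalogue, not from user input, so quoting them inline is safe."""
    hits = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        # PRAGMA table_info rows: (cid, name, type, notnull, dflt_value, pk)
        text_cols = [r[1] for r in conn.execute(f'PRAGMA table_info("{table}")')
                     if (r[2] or "").upper() in ("TEXT", "VARCHAR", "NVARCHAR", "CLOB", "")]
        for col in text_cols:
            rows = conn.execute(f'SELECT rowid, "{col}" FROM "{table}" ORDER BY rowid')
            for rowid, value in rows:
                if isinstance(value, str) and SCRIPT_TAG.search(value):
                    hits.append((table, col, rowid))
    return hits


def strip_injected(conn):
    """Remove injected script tags in place; returns the number of rows changed.
    Cleaning without fixing the query only buys time until the next sweep."""
    changed = 0
    for table, col, rowid in find_injected(conn):
        (value,) = conn.execute(
            f'SELECT "{col}" FROM "{table}" WHERE rowid = ?', (rowid,)).fetchone()
        conn.execute(f'UPDATE "{table}" SET "{col}" = ? WHERE rowid = ?',
                     (SCRIPT_TAG.sub("", value), rowid))
        changed += 1
    conn.commit()
    return changed


def demo():
    """Run the attack against the vulnerable counter, scan, clean, then show
    the hardened counter rejecting the same input."""
    conn = make_db()
    count_view_vulnerable(conn, ATTACK_PAGE_ID)
    hits_before = find_injected(conn)      # every page body now carries the tag
    cleaned = strip_injected(conn)
    try:
        count_view_safe(conn, ATTACK_PAGE_ID)
        blocked = False
    except ValueError:
        blocked = True
    return len(hits_before), cleaned, blocked, find_injected(conn)


if __name__ == "__main__":
    print(demo())  # (2, 2, True, [])
```

The type check in `count_view_safe` is the input validation the post calls for; the bound parameter is what actually stops the injection even when a value legitimately contains quotes or semicolons. `find_injected` is the same idea as the searches website owners were running by hand in the forum threads linked above: walk the catalogue, look in every text column, and list the affected rows before deciding whether to restore from backup or clean in place.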

Here are some good articles on SQL injection attacks and how to prevent them:

http://www.securiteam.com/securityreviews/5DP0N1P76E.html

http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx

http://blogs.technet.com/neilcar/archive/2008/03/14/anatomy-of-a-sql-injection-incident.aspx

http://blogs.technet.com/neilcar/archive/2008/03/15/anatomy-of-a-sql-injection-incident-part-2-meat.aspx

http://weblogs.asp.net/scottgu/archive/2006/09/30/Tip_2F00_Trick_3A00_-Guard-Against-SQL-Injection-Attacks.aspx