Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 07, 2016, 06:19:30 PM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Vuln. Alert: BusinessWeek SQL Injection  (Read 1485 times)

Ehtyar

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 1,237
    • View Profile
    • Donate to Member
Vuln. Alert: BusinessWeek SQL Injection
« on: September 17, 2008, 03:43:23 AM »
The BusinessWeek magazine's website has suffered an attack on an SQL injection vulnerability in its pages causing it to serve up malware.

Screenshot - 17_09_2008 , 6_42_44 PM_thumb.png


Quote
The Web site of BusinessWeek magazine suffered a major SQL injection attack in recent days that left it hosting malware on hundreds of its pages, security vendor Sophos PLC has reported.

Once compromised by such a server hole, the attack scripts could, in principle, launch anything desired by the attacker except currently included code for automatic attacks based on JavaScript. That means a visitor could be hit by malware just by landing on one of the pages, without even interacting in any way.

Full Story
Second Reference

Ehtyar.