more than 1.5 million web pages compromise by compromises
attack manifestation |
The attack is an SQL injection attack, which exploit badly written web applications and mess up a web site’s databases. Through programming errors, SQL injection attacks can be launched in any programming language. The underlying cause is that a programmer trusts input that comes from another web page. The input is passed along directly into the database; if the input is malformed in a particular way, the result is the database will run code of the attacker’s choosing.
The result of the attacks is that the web pages being visited aren’t being loaded. Previously, the attack was redirecting users to a fake antivirus site. Websense noticed the attack starting on Tuesday, when 28,000 URLs were already compromised.by taatjene, from Venturebeat
Comments