28-08-07

how simple is sql injection for stupid people

and how stupid are webmaster to underestimate the power of sql injection and not to patch or upgrade or just throw out the stuff they didn't need anyway

take an sql injection exploit

look for the Google dork (search term)

look for the search term for its own search engine

do the Google

type in the search term

click for results

see the passwords of sites flipping up before your eyes

be amazed  be afraid  be very afraid

it really does not take more than that and I am not going to publish here the names of the exploits, google dorks and sites with which it works, but it works and webmasters should really test their site profoundly and upgrade and patch it all the time.

and in fact this goes for many exploits so have an inventory of all - all - your OS, applications and software that is not inside your network behind your firewalls and patch fast and if you are serious about your ebusiness, place an HIDS, set it after an reverse proxy and application firewall and if you have some more money subscribe to some 0day information service or defense.

00:14 Gepost door technology changes fast not a lot in Algemeen | Permalink | Commentaren (0) |  Facebook |

De commentaren zijn gesloten.