How Autoweb site dealt with Microsoft SQL Server injection attack

The massive wave of SQL injection attacks that started striking Microsoft-based Web sites around the world more than a week ago claimed as one of its victims Autoweb, a U.K.-based advertising and marketing site. The ongoing attack, which hit Autoweb on a late Friday, exploited a vulnerability in a single line of code in the […]

The massive wave of SQL injection attacks that started striking Microsoft-based Web sites around the world more than a week ago claimed as one of its victims Autoweb, a U.K.-based advertising and marketing site.

The ongoing attack, which hit Autoweb on a late Friday, exploited a vulnerability in a single line of code in the Web application to pierce through to the company’s Microsoft SQL database, inject 30 characters to overwrite content, defaced Web pages, and ultimately knocked the site offline. The attack left Web pages that would attempt to inject malicious code into browsers of Web visitors.

Full Article

Microsoft, SQL Server, Vulnerability, SQL Injection, Security, Hacking, Intrusion