Beginning late last year, a number of websites were defaced to include malicious HTML <script> tags in text that was stored in a SQL database and used to generate dynamic web pages. These attacks began to accelerate in the first quarter of 2008 and are continuing to affect vulnerable web applications.
The compromised web applications share several characteristics:
- Application uses classic ASP code
- Application uses a SQL Server database
- Application code generates dynamic SQL queries based on URI query strings (http://consoto.com/widgets.asp?widget=sprocket)
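As an added example that is not part of this advisory, the following classic ASP page shows the vulnerable pattern from the last point (query-string value concatenated into dynamic SQL) next to a parameterized version using ADODB.Command; the table and column names, the connection string and the parameter size are assumptions.

```vbscript
<%
' Added example, not code from the original advisory. Assumes a SQL Server
' table "widgets" with columns "name" and "description"; strConn is a placeholder.
Option Explicit
Dim strConn
strConn = "Provider=SQLOLEDB;Data Source=DBSERVER;Initial Catalog=Catalog;Integrated Security=SSPI;"

' VULNERABLE: the URI query string is pasted straight into the SQL text, so
' SQL Server cannot distinguish the intended value from injected statements.
Function GetWidgetUnsafe(widgetName)
    Dim conn, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open strConn
    Set rs = conn.Execute("SELECT description FROM widgets WHERE name = '" & widgetName & "'")
    If Not rs.EOF Then GetWidgetUnsafe = rs("description") Else GetWidgetUnsafe = ""
    rs.Close: conn.Close
End Function

' HARDENED: the value travels as a typed parameter, separate from the SQL text,
' and is never parsed as SQL regardless of what the query string contains.
Function GetWidgetSafe(widgetName)
    Dim conn, cmd, rs
    Set conn = Server.CreateObject("ADODB.Connection")
    conn.Open strConn
    Set cmd = Server.CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = conn
    cmd.CommandText = "SELECT description FROM widgets WHERE name = ?"
    cmd.CommandType = 1                        ' adCmdText
    ' adVarChar = 200, adParamInput = 1, size 50 (assumed column width)
    cmd.Parameters.Append cmd.CreateParameter("@name", 200, 1, 50, widgetName)
    Set rs = cmd.Execute
    If Not rs.EOF Then GetWidgetSafe = rs("description") Else GetWidgetSafe = ""
    rs.Close: conn.Close
End Function

' Encode on output so that any <script> text already stored in the database
' (as in the defacements described above) is rendered as inert text.
Response.Write Server.HTMLEncode(GetWidgetSafe(Request.QueryString("widget")))
%>
```

Parameterizing the query stops new injection; HTML-encoding on output limits the damage from rows that were already modified before the fix was deployed.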