simple attack
Just gonna quickly blackhole that domain before anyone finds out
A security researcher has identified a new attack that has infected almost 300,000 webpages with links that direct visitors to a potent cocktail of malicious exploits. The SQL injection attacks started in late November and appear to be the work of a relatively new malware gang, said Mary Landesman, a researcher with ScanSafe, a …
if you parse your (PHP) input with:
$params['name'] = isset($_POST['name']) ? mysql_real_escape_string($_POST['name']) : '';
or if it's a numerical value you're expecting, even better:
$params['name'] = isset($_POST['name']) ? (int)($_POST['name']) : 0;
(use $_GET['name'] if you're passing parameters in the URL.)
And HTML injection is removed simply by:
$params['name'] = preg_replace("/<[^>]*>/", "", $params['name']); // PCRE has no 'g' modifier (preg_replace already replaces every match); [^>]* stops at the first closing bracket instead of swallowing everything up to the last one
Then you only work with the clean $params[] array. There's no reason any webmaster can't implement these most basic code checks. It's not rocket science.
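Added example, not the commenter's code: the same idea of building one clean $params[] array, but with the SQL side handled by a prepared statement instead of escaping (the mysql_* extension the comment relies on was removed in PHP 7), and the HTML side handled by encoding on output instead of stripping tags from input. The PDO connection $pdo and the users table with name and age columns are assumed for illustration.

```php
<?php
// Added example (not from the comment above): clean parameter array plus
// prepared statements and output encoding. Assumes a PDO connection $pdo to
// MySQL and a hypothetical `users` table with `name` and `age` columns.

declare(strict_types=1);

/**
 * Read and type-coerce request parameters into a clean array. No SQL-specific
 * escaping is applied here: with prepared statements the driver keeps data and
 * query text separate, so the value can be passed through as-is.
 */
function cleanParams(array $post): array
{
    return [
        // Reject arrays (name[]=x) as well as missing values.
        'name' => isset($post['name']) && is_string($post['name']) ? $post['name'] : '',
        // Numeric input gets the same (int) cast the comment recommends.
        'age'  => isset($post['age']) && is_numeric($post['age']) ? (int)$post['age'] : 0,
    ];
}

/**
 * Vulnerable form, kept for contrast: the value is interpolated into the SQL
 * text, so quote characters in $name become part of the query structure.
 */
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, age FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Hardened form: a prepared statement with a bound parameter. The value is sent
 * separately from the SQL text and can never change the query's shape.
 */
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, age FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Output encoding for HTML. Encoding at the point of display lets any stored
 * value be shown verbatim without the browser interpreting it as markup.
 */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Usage (assumes $pdo is already connected). Disabling emulated prepares makes
// the MySQL server itself bind the parameter rather than the client library.
// $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
// $params = cleanParams($_POST);
// foreach (findUserSafe($pdo, $params['name']) as $row) {
//     echo '<li>' . h($row['name']) . ' (' . (int)$row['age'] . ')</li>';
// }
```

The point of the split is that each defence lives where its context is known: the database driver knows the SQL grammar, so it does the quoting; the template knows it is emitting HTML, so it does the encoding. A single input filter has to guess both, which is why tag-stripping on the way in is easy to get wrong.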
True - and in the .NET world you can use urlscan.
But it becomes trickier when you're responsible for a large, complex web site with poor documentation (and, trust me, there are rather a lot of these). Retrofitting is non-trivial and you may also need to introduce security testing and change management processes to ensure that vulnerabilities are not inadvertently reintroduced.