SQL injection

Lizamoon attack "most successful SQL injection attack ever"

I had just finished a presentation today on the very real need for web application protection to protect against SQL injection and Cross-Site Scripting attacks, when I came across the following two articles:


The attack injects a legitimate website with a link to a malicious site which, when accessed, loads a pop-up that attempts to get the site visitor to install a fake anti-malware product purporting to be from Microsoft.

To get an idea of how many sites have been compromised by the first wave of the attack, simply Google the following: “lizamoon[dot]com[slash]ur.php”.

As the attack spreads, it has now been modified to inject links to other rogue domains hosting the same piece of malware.
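Because the injected link now points at changing domains, a check for a single known hostname will miss later waves. The following added example (not from the original post or the articles it cites) flags any `src`/`href` reference in stored page content whose host is outside a site allowlist. It assumes the injected markup ends up in text columns that the site renders as HTML; the hostnames, rows and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts this site legitimately loads resources from.
ALLOWED_HOSTS = {"www.example.org", "cdn.example.org"}

class _RefCollector(HTMLParser):
    """Collects (tag, url) for every src/href attribute in a fragment."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("src", "href") and value:
                self.refs.append((tag, value.strip()))

def external_refs(fragment, allowed=ALLOWED_HOSTS):
    """Return (tag, host, url) for references to hosts outside the allowlist."""
    parser = _RefCollector()
    parser.feed(fragment)
    parser.close()
    hits = []
    for tag, url in parser.refs:
        try:
            host = urlsplit(url).hostname  # None for relative URLs
        except ValueError:
            host = "<invalid>"  # malformed URL: surface it for review
        if host and host not in allowed:
            hits.append((tag, host, url))
    return hits

def scan_rows(rows, allowed=ALLOWED_HOSTS):
    """rows: iterable of (row_id, text). Returns {row_id: hits} for flagged rows."""
    return {rid: h for rid, text in rows if (h := external_refs(text or "", allowed))}

# Constructed sample rows standing in for text columns rendered into pages.
SAMPLE_ROWS = [
    (1, 'Spring sale <a href="/offers">details</a>'),
    (2, 'Widget<script src="http://rogue.example/x.php"></script>'),
    (3, '<img src="https://cdn.example.org/logo.png"> About us'),
    (4, 'Contact</title><script src=//other-rogue.example/x.php></script>'),
]

if __name__ == "__main__":
    for rid, hits in scan_rows(SAMPLE_ROWS).items():
        print(rid, hits)
```

Rows 2 and 4 are reported even though they reference different domains, and the protocol-relative, unquoted form in row 4 is handled the same way as the fully qualified one.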