Simon Willison’s Weblog

Subscribe
Atom feed for massattack

1 item tagged “massattack”

2008

Mass Attack FAQ. Thousands of IIS Web servers have been infected with an automated mass XSS attack, not through a specific IIS vulnerability but using a universal XSS SQL query that targets SQL Server and modifies every text field to add the attack JavaScript. If an app has even a single SQL injection hole (and many do) it is likely to be compromised.

# 26th April 2008, 9:12 am / iis, massattack, security, sql, sql-injection, sqlserver, xss