December 16, 2008 at 6:05 pm
I read an article and New SQL Server Injection-Based Attack is Found. You can find more details at
December 16, 2008 at 6:52 pm
Actually, this documents a vulnerability, not an attack.
[font="Times New Roman"]-- RBarryYoung[/font], [font="Times New Roman"] (302)375-0451[/font] blog: MovingSQL.com, Twitter: @RBarryYoung[font="Arial Black"]
Proactive Performance Solutions, Inc. [/font][font="Verdana"] "Performance is our middle name."[/font]
December 16, 2008 at 7:21 pm
Thanks for the correction RBarryYoung.
December 16, 2008 at 8:16 pm
But there is a current SQL injection attack against SQL Server which is designed to spread the attack against the IE 0-day. Thankfully, an out of band patch for that 0-day is due out tomorrow.
K. Brian Kelley
@kbriankelley
December 16, 2008 at 8:29 pm
Does that use this same vulnerability, Brian?
[font="Times New Roman"]-- RBarryYoung[/font], [font="Times New Roman"] (302)375-0451[/font] blog: MovingSQL.com, Twitter: @RBarryYoung[font="Arial Black"]
Proactive Performance Solutions, Inc. [/font][font="Verdana"] "Performance is our middle name."[/font]
December 16, 2008 at 8:35 pm
No. Standard attack against user tables where SQL injection attacks are possible:
MSIE 0-day Spreading Via SQL Injection - SANS Internet Storm Center
K. Brian Kelley
@kbriankelley
December 16, 2008 at 8:40 pm
Good to know, thanks!
[font="Times New Roman"]-- RBarryYoung[/font], [font="Times New Roman"] (302)375-0451[/font] blog: MovingSQL.com, Twitter: @RBarryYoung[font="Arial Black"]
Proactive Performance Solutions, Inc. [/font][font="Verdana"] "Performance is our middle name."[/font]
Viewing 7 posts - 1 through 6 (of 6 total)
You must be logged in to reply to this topic. Login to reply