Sunday, October 01, 2006 10:27 AM
Finding Sites That Allow SQL Injection Attacks
Michael Sutton recently blogged on creating a SQL Injection Attack crawler app that used Google to locate sites that were susceptible to SQL Injection attacks. Scott Guthrie mentions the post in his blog. Take a look at Michael's and Scott's posts. Very scary stuff. I guess I thought everyone knew this stuff already, but then again it doesn't surprise me because every time I do my SQL Injection talk people still appear to be hearing this for the first time.
FYI: I wrote a very popular article for MSDN Magazine on SQL Injection Attacks a couple of years ago. I believe it is one of the better articles explaining how the attacks work and why you need to care about them. It also goes over how to prevent them (as do numerous posts and articles including Scott Guthrie's recent post).
Also, you can download slides and samples from my last "Hacked" talk which included a discussion of SQL Injection attacks. (Note all the samples were for ASP.NET 1.1).