Anatomy of a SQL Injection Incident

Blog Posting from Neil Carpenter: "A number of people are reporting that 10K+ Web sites have been hacked via a SQL injection attack that injected a link to a malicious .js file into text fields in their database.

Since the CSS Security team here at Microsoft worked with several of these incidents, I was able to look at multiple sets of data and the work that my colleagues had already done. The first thing I noticed was that the attacks looked, with a few exceptions, identical."

See also:
XSS Detect Beta Code Analysis Tool
Microsoft Anti-Cross Site Scripting Library V1.5 


