A Rise in SQL Injections in ASP.Net Websites

by Toan T
The article that I read talks about reports of spikes in mass SQL injection attacks against web applications, especially sites that use ASP, ASP.Net and MS-SQL. These attacks are different from what was seen in the past. Instead of seeking to extract data from commerce sites, these attacks are automated and can drop malicious code on the website being attacked. This type of attack is also known as XSS, or a cross-site scripting attack. A researcher from Trustwave SpiderLabs describes it as “using SQL injection on the front end to inject in JavaScript code that results in sending regular users to a Web page that’s dynamically created based on different database components, pulling in malicious JavaScript into the browser that redirects to a malware site.” Hackers have now found a new way to infiltrate web sites by targeting HTML tags that were dynamically created and then prepending a closing title HTML tag, so that when the tag gets into the browser, it cleanly closes the title content that was already there and the JavaScript injected behind it executes.

It is scary how new methods of cyber attack are being thought of every day while current ones are being patched. It is important to have not only a secure back-end of the application but also an impenetrable front-end, because hackers can simply take the code that was written for the website and turn it into something malicious without us knowing.
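The two defensive layers discussed above, as an added example that is not part of the original post or the cited article: a parameterized query on the back end, HTML encoding when database text is written into a title tag, and a check that flags stored rows containing the closing-title-then-script pattern. Python's sqlite3 stands in for MS-SQL here; the table, the function names and the sample row are assumptions constructed for illustration.

```python
import html
import re
import sqlite3

# Constructed sample: a product name as a row might look after the kind of
# mass SQL injection described above (placeholder host, not a real indicator).
TAINTED = 'Blue Widget</title><script src="http://malware.example.invalid/x.js"></script>'

# Flags stored text that closes a <title> element and then opens a <script>.
BREAKOUT = re.compile(r"</\s*title\s*>.*?<\s*script\b", re.IGNORECASE | re.DOTALL)


def make_db():
    """In-memory stand-in for the site's MS-SQL table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO products (id, name) VALUES (?, ?)",
                   [(1, "Red Widget"), (2, TAINTED)])
    return db


def get_name(db, product_id):
    # Parameterized query: the id is bound as data, never concatenated into SQL.
    row = db.execute("SELECT name FROM products WHERE id = ?", (product_id,)).fetchone()
    return row[0] if row else ""


def render_unsafe(name):
    # 'Before': database text is written into the page verbatim.
    return "<html><head><title>" + name + "</title></head></html>"


def render_safe(name):
    # 'After': HTML-encode on output so markup in the data stays inert text.
    return "<html><head><title>" + html.escape(name) + "</title></head></html>"


def find_tainted_rows(db):
    """Return ids of rows whose text contains the title-breakout pattern."""
    return [pid for pid, name in db.execute("SELECT id, name FROM products")
            if BREAKOUT.search(name)]


if __name__ == "__main__":
    db = make_db()
    print(find_tainted_rows(db))
    print(render_safe(get_name(db, 2)))
```

In an ASP.Net application the equivalent pieces would be parameterized commands for the query and HTML encoding of every database value at the point it is written into the page.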

Chickowski, E. (2012, May 9). Mass SQL Injections Spike Again. Dark Reading. Retrieved May 28, 2012, from http://www.darkreading.com/database-security/167901020/security/news/240000077/mass-sql-injections-spike-again.html