A Rise in SQL Injections in ASP.Net Websites

by Toan T
The article that I read talks about how there is report of spikes in mass SQL injection attacks in web applications especially sites that use ASP, ASP.Net and MS-SQL. These attacks are different from what seen in the past. Instead of seeking to extract data from commerce sites, these attacks are automated and can drop malicious code on the the website that it is attacking. This type of attack is also known as XSS or cross-site scripting attack. A research from Trustwave SpiderLabs describe it as “using SQL injection on the front end to inject in JavaScript code that results in sending regular users to a Web page that’s dynamically created based on different database components, pulling in malicious JavaScript into the browser that redirects to a malware site.” Hackers have now found a new way to infiltrate web site by targeting HTML tags that were dynamically create and then prepend a closing title HTML tag so when the tag gets into the browser, it will cleanly close the title content that was already there and inject from behind to execute the javascript.

It is scary how new methods of cyber attacks are being thought off everyday while current ones are being patched. It is important to not only have a secure back-end of the application but also a impenetrable front-end because hackers can simply just use the codes that were written for the website and then turn it into something malicious without us knowing.

Chickowski, E. (2012, May 9). Mass SQL Injections Spike Again. Dark Reading. Retrieved May 28, 2012, from http://www.darkreading.com/database-security/167901020/security/news/240000077/mass-sql-injections-spike-again.html

3 thoughts on “A Rise in SQL Injections in ASP.Net Websites”

  1. There will always be people who take advantage of vulnerabilities and use it for malicious purposes. Unfortunately, that is the cost of improving the user experience and improving technology.

  2. Ever since CIS 305, I have been reading many of these articles. At first I was very afraid of SQL injection and other malicious attacks that cyber criminals are using, but the fact of the matter is that these types of things will always be around as technology grows. I hope I’m wrong, but it’s going to be something that we are going to have to live with and endure.

  3. Since last quarter and reading the 305 blogs, there has been a lot of posts about SQL injections. I believe that it is a very serious issue. These cyber attacks appear to be very frequent, and unless the whole web development community does something about it, the attacks are just going to get stronger

Comments are closed.