ASP.net & SQL Injection Exploits… Again?{Comments Off on ASP.net & SQL Injection Exploits… Again?}


According to an article presented late last year, hackers of the world are attempting to use a technique referred to as “SQL Injection” on Microsoft’s ASP.Net platform. The troubling thing is, they have been wildly successful. The author states, “About 180,000 pages have been affected so far, security researchers say ‘attackers have planted malicious JavaScript on ASP.Net sites that causes the browser to load an iframe with one of two remote sites: www3.strongdefenseiz.in and www2.safetosecurity.rrnu.’” Using this technique they have been able to exploit this iframe and attempt to plant malware on visiting PC’s via “a number of browser drive-by exploits”. Having seen a trend in the exploitation of SQL Injection, Microsoft has released information to programmers on how to protect again such attacks since at least 2005 and the attacks continue to occur.

Studying the methodology behind ASP.net and applying that knowledge to real world applications through Visual Basic, we have come to a general understand of ASP.Net’s purpose and uses. With its seemingly unlimited functionality, it’s almost hard to imagine what hackers may be able to do if they are able to access information illegally. I am excited to continually learn about ASP.Net and other resources but I am also hoping to gain knowledge on how to prevent such attacks from happening to sites I may create in the “real world”.

Reference:

Microsoft ASP.Net sites under attack. (2011). Network World, 28(19), 8.