Apple website hit with SQL Injection
"A hack attack that can expose users to malware exploits has infected more than 1 million webpages, at least two of which belong to Apple.
The SQL injection attacks bombard the websites of legitimate companies with database commands that attempt to add hidden links that lead to malware exploits. While most of the sites that fell prey appear to belong to mom-and-pop operations, two of the infections hit pages Apple uses to promote iTunes podcasts, this Google search shows. The malicious links appear to have been removed since Google last indexed the pages in early August." - TheRegister
Full Article: http://www.theregister.co.uk/2010/08/17/apple_sql_attack/
Someone has a clear idea on how they could do it? If Apple has some malicious links, I could be infected too...
Posted by: tanguy | Aug 25, 2010 11:08:44 AM
I wonder how there can still be sql-injections when there are escape functions which can make an sql-query perfectly safe. Are there new techniques being used? Or was it a website flaw not to use any escaping? Or was it that the websites didn't escape data which used to be safe, but can now be compromised?
Posted by: Jeff | Aug 26, 2010 4:56:19 AM
To answer to my previous post (I just read it in the whole article on theregister.co.uk :blush: ): the SQL attack is not a new technique and was successful due to bad input filtering.
Posted by: Jeff | Aug 26, 2010 5:24:51 AM