US, UK Government Sites Open to SQL Injection
From the Register:
A new round of SQL injection attacks has infected millions of web pages belonging to businesses and government agencies, including those that belong to the National Institutes of Health and Education Department in the US and the UK Trade & Investment.
The Register shows a simple Google search revealing “at least 14.5 million infected pages” on the .gov domain. It appears the government does not appreciate how easy and simple a SQL injection attack, and some XSS, can be. Nor does the government sanitize the data sent to its servers, as any XKCD reader could tell you.
SQL injections and other attacks with user-supplied data, such as XSS and CSRF, are rapidly becoming the most common and effective exploits on the web. IST and SRA students should read the hacker zine http://0x000000.com/ to see the extent and efficacy of SQL attacks today.
