SQLi Is Back With A Small TwIST

Well, after a brief hiatus, the SQL injection attacks have resumed with a small change: the attackers have altered the capitalization of a couple of words in the URL. "DECLARE" has become "DeCLARE", and "EXEC" has become "ExEC". This is obviously meant to get around anyone who deployed case-sensitive filtering.

This may be a simple fix if your filtering has stopped working, but to me it is just more proof of how brittle request filtering can be. I kind of wonder whether the attackers pay any attention to our blogs and talk lists in order to better counter our defenses.
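To make the brittleness concrete, here is an added example (not code from the original post) that runs a case-sensitive keyword filter and a normalizing one over a handful of constructed request paths shaped like the ones described above. The request strings, the `page.asp` path and the filter functions are all assumptions for illustration; the point is that decoding and case-folding before matching is what keeps "DeCLARE"/"ExEC" from slipping through, while parameterized queries remain the durable fix.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request paths (not taken from the post). The first mirrors the
# original campaign, the next two the mixed-case variant (plain and URL-encoded),
# the fourth is double-encoded, and the last is benign traffic.
SAMPLE_REQUESTS = [
    "/page.asp?id=1;DECLARE @s varchar(8);EXEC(@s)--",
    "/page.asp?id=1;DeCLARE @s varchar(8);ExEC(@s)--",
    "/page.asp?id=1%3BDeCLARE%20%40s%20varchar%288%29%3BExEC%28%40s%29--",
    "/page.asp?id=1%253BDeCLARE%2520%2540s%2520varchar%25288%2529%253BExEC%2528%2540s%2529--",
    "/page.asp?id=42&declared=true",
]

# Both keywords must appear; the post says the attackers changed exactly these two.
KEYWORDS = ("DECLARE", "EXEC")


def naive_filter(uri: str) -> bool:
    """Case-sensitive substring match: the brittle filter the post describes."""
    return all(k in uri for k in KEYWORDS)


def normalize(uri: str, max_rounds: int = 3) -> str:
    """URL-decode until the string stops changing (bounded), so that %3B and
    %253B both end up as ';' before any pattern is applied."""
    for _ in range(max_rounds):
        decoded = unquote_plus(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def normalized_filter(uri: str) -> bool:
    """Decode first, then match whole words case-insensitively, so 'DeCLARE'
    is flagged while a benign parameter such as 'declared=true' is not."""
    decoded = normalize(uri)
    return all(re.search(rf"\b{k}\b", decoded, re.IGNORECASE) for k in KEYWORDS)


def missed_by_naive(requests=SAMPLE_REQUESTS) -> list:
    """Requests the case-sensitive filter lets through but normalization catches."""
    return [r for r in requests if normalized_filter(r) and not naive_filter(r)]


if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        print(f"naive={naive_filter(r)!s:5} normalized={normalized_filter(r)!s:5} {r}")
```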

Here is a graph showing the rate of attacks on my server. They haven't returned to last week's level, but they are definitely still there.
