Widespread SQL Injection Attacks Compromising Websites

Home

US-CERT Computer Emergency Readiness Team

US-CERT is aware of widespread SQL injection attacks compromising websites across all sectors. The compromised sites have been modified to include a reference to a malicious JavaScript file. When a user unknowingly visits a compromised site, they are silently re-directed to a series of malicious web pages that attempt to exploit multiple client-side vulnerabilities in a number of applications, including Internet Explorer and RealPlayer.

More information regarding this security risk may be found in the following:

Vulnerability Note VU#871673
Sans.org Mass exploits with SQL Injection Document

US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:

Update RealPlayer to the latest version
Disable ActiveX as described in the Securing Your Web Browser document

Widespread SQL Injection Attacks Compromising Websites

Popular Words in Internet Security Alerts

Related Items