Tuesday, June 24, 2008

SQL Injection on the Rise

Microsoft released a new advisory today on the rising number of instances of SQL Injection that are happening on the web. 

To view the security advisory, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/advisory/954462.mspx

If you have web sites that concatenate unchecked user inputs or parameter line arguments into SQL database calls, then it is important that you fix this problem following the guidelines on this advisory.  This is not all to uncommon, nor is it overly surprising to see this more and more.  This is a common question on the forums, and more than a few posts have been dedicated to trying to help people look into these problems after being attacked.

No comments:

Post a Comment