||SQL INJECTIONS. WHAT IT MEANS FOR YOUR WEBSITE.
There are many types of SQL Injections out there. The older types of injections found exploits in Microsoft Windows Servers & Microsoft SQL Server. These injections needed direct access to these servers in order to be performed.
Since these exploits have been patched a new breed of SQL Injections have arrived.
During, the beginning of the first quarter of 2008 (roughly around March) a new exploit has been discovered. This exploit does not rely on unpatched or open holes on Web Servers or Database Servers, like it's previous cousins, but now exploits vulnerabilities in Web Site Applications such as your website.
Hackers (mostly coming from China) are using what is called "Malbots". These malbots are automatic programs that utilize Search Engines to find websites with .asp?, .aspx? pages.
Once found, the malbots will trigger a SQL Command directly into the browser's Address bar to execute an insert of text into your records in your database and can even delete entire database tables within seconds!
Any website that uses a database can potentially be exploited by the new breed of SQL Injections. MS SQL, Oracle, Access & MySQL databases can all be exploited to be hacked. It just depends on the type of SQL commands that are sent to the database. All website development languages also can be exploited such as, ASP, ASP.NET & PHP.
So, at this point, no website can be considered safe unless the developed code strictly prohibits the use of such SQL commands from the Address bar and even user inputted fields such as Billing Information on a website's checkout process.
Since this new vulnerability has just recently been exploited, all Intersoft's customers that are using a database are subject to this exploit. It is highly recommend that customers contact your Sales Representatives for a website update at 1.888.WEB.7228.
[ RSS ]