'New pattern'에 해당되는 글 1

  1. 2008.09.06 A little change of Mass SQL Injection Attack
Yesterday, our company's engineer told me that it was a strange thing to our customer's database. 

It was the Mass SQL Injection Attack pattern besides ONE thing. They didn't have JavaScript on URI. The value of its JavaScript Source was only the domain name. I couldn't take a evil content of the domain because He couldn't access the evil domain.

Normal Mass SQL Injection Attack patterns like below.
<script src="http://[malicious site's domain]/fuckjp.js"><script>

New pattern likes below.
<script src="http://[malicious site's domain]"><script>

I haven't been monitoring the Mass SQL Injection Attack. But I think it is important that they don't have JavaScript file name and extension name in their pattern. I simulated this attack.

First, I made a evil script file as web site(www.evil.com)'s index page.
Next, I made a simple HTML page which had a script tag like a infected web page.

Finally, when victims visited this page, he will see the message like below. This trick makes JavaScript file name matching meaningless.
If you need the lists of the evil domains used the Mass SQL Injection attack, please visit below site. It is collecting those.
이전 1 다음

티스토리 툴바