Comments on: Serious SQL Injection Vulnerability

By: Seologia

Seologia — Thu, 05 Jun 2008 15:49:06 +0000

SQL Injection is a serious problem and is happening more than one would think. Take Wordpress, for instance. One of the last versions had a injection vulnerability. The problem is that if you update, something else breaks! :S Sometimes it’s just better to stick with the bad but working rather than the new and “unknown”.

By: paul

paul — Tue, 06 May 2008 13:14:01 +0000

btw just got a 500 server error when submitting that last comment, but it went through. I know you had problems before with your wordpress setup. I’m using FF.2.0.0.14 on WinNT.

By: paul

paul — Tue, 06 May 2008 13:11:45 +0000

I’m suspecting that most developers didn’t admit that it was a problem with their code and probably charged them to update their website to protect it
= p

By: Richard Hearne

Richard Hearne — Tue, 06 May 2008 12:47:34 +0000

The most interesting piece to this puzzle is that SQL injections can only really be defended against in the site code. I wonder what some of the developers behind the Irish sites hit told their clients?

Rgds to both
Richard

By: paul

paul — Tue, 06 May 2008 10:56:38 +0000

The number is down to just over 2,000 pages indexed with that search query. I know it’s not a 100% reliable measure. But after just over a week it does seem to be that more and more companies are patching their servers.

= Paul

By: Donncha O Caoimh

Donncha O Caoimh — Mon, 05 May 2008 14:22:48 +0000

Ouch! That is nasty but it looks like many of the sites have patched the hole, at least the ones I check on the front page of that Google search have.

By: Damien Mulley » Blog Archive » Fluffy Links - Tuesday April 29th 2008

Damien Mulley » Blog Archive » Fluffy Links - Tuesday April 29th 2008 — Tue, 29 Apr 2008 04:47:41 +0000

[...] Via Richard Hearne. A lot of sites are being hacked with the SQL injection exploit. List of Irish ones. [...]