Comments on: Mass Injection:Infected more than 40,000 Web Sites

By: Himakar

Himakar — Mon, 08 Feb 2010 18:26:14 +0000

Veru nicely thanks congrats bro … shall i use this tutorial by giving the reference to geniushackers.com

By: Shaakunthala

Shaakunthala — Thu, 07 Jan 2010 10:22:52 +0000

Thanks for writing this much clear. I also encountered a same kind of incident. My website was on drupal, and what I did is writing a bash script to clean up everything, and setting it up as a cron job.

What I’ve done is written here: portal.shaakunthala.com/2010/01/attack-and-defence.html
(hope you won’t treat this non-clickable url as spam )

By: askoppal

askoppal — Wed, 21 Oct 2009 13:36:43 +0000

Thanks Rosyidi keep reading..

By: Rosyidi

Rosyidi — Tue, 20 Oct 2009 12:31:12 +0000

Thank you very much for this information.

By: Senthil

Senthil — Sat, 10 Oct 2009 12:15:31 +0000

I experienced the SQL injection issue 1 year before, the trick is that the attacker will use the URL QueryString parameter to include their SQL Query to insert contents in to your database.

To be safe, you should always validate your querystring values strictly, very strictly….

Senthil,
http://www.senthil.name.

By: raaghav

raaghav — Tue, 04 Aug 2009 12:19:58 +0000

nice tutorial , publish some tutoials related to windows api

By: Tim

Tim — Thu, 18 Jun 2009 17:50:44 +0000

Really informative article. Good job, it’s hard to get customers to upgrade WordPress to latest versions to prevent these sort of things. I wish they would listen and just do it

By: askoppal

askoppal — Thu, 11 Jun 2009 14:59:05 +0000

If you want to see the vulnerability in action check this http://askoppal.com/jobs/test.php

By: askoppal

askoppal — Thu, 11 Jun 2009 14:47:13 +0000

Thanks Ricky and Nikhil for the comments!

By: Ricky

Ricky — Sun, 07 Jun 2009 00:31:15 +0000

Very well written and informative article. I shall check my website for this kind of vulnerability.