{"id":122,"date":"2008-04-24T22:16:00","date_gmt":"2008-04-24T22:16:00","guid":{"rendered":"http:\/\/digitalchoke.com\/wpblog\/?p=122"},"modified":"2018-03-03T12:23:45","modified_gmt":"2018-03-03T20:23:45","slug":"sql-injections-cause-drive-by-attacks","status":"publish","type":"post","link":"https:\/\/digitalchoke.com\/digitalchokeblog\/sql-injections-cause-drive-by-attacks\/","title":{"rendered":"SQL Injections Cause Drive-By Attacks"},"content":{"rendered":"

A big SQL injection attack against hundreds of thousands of web sites. Many government and commercial sites have been infected with code that will try to install a password stealing program just by visiting a web page.<\/p>\n

It’s not clear if anti-virus programs will catch this one yet.<\/p>\n

You can see the extent by doing a web search for “nihaorr1”. DO NOT VISIT ANY OF THOSE LINKS! Google search may be filtering the bad sites; they returned only about 48K. Yahoo search returned over 251K entries. Some are discussions about this vuln, but many are sites that have been infected with the malicious javascript.<\/p>\n

This one is widespread. Internet Storm Center has info here: http:\/\/isc.sans.org\/diary.html?storyid=4331<\/a> . “They have hit city websites, commercial sites and even government websites. This type of injection pretty much null and voids the concept of “trusted website”. or “safe sites”‘<\/p>\n

Corporate types should be watching for traffic to that site. I found a few users at the office that may have been affected (and possibly infected).<\/p>\n

Be careful out there!<\/p>\n","protected":false},"excerpt":{"rendered":"

A big SQL injection attack against hundreds of thousands of web sites. Many government and commercial sites have been infected with code that will try to install a password stealing program just by visiting a web page.<\/p>\n

It’s not clear if anti-virus programs will catch this one yet.<\/p>\n

You can see the extent by doing a web search for “nihaorr1”. DO NOT VISIT ANY OF THOSE LINKS! Google search may be filtering the bad sites;<\/p>\n

 » Read more about: SQL Injections Cause Drive-By Attacks  »<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[],"class_list":["post-122","post","type-post","status-publish","format-standard","hentry","category-just-saying"],"_links":{"self":[{"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/posts\/122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/comments?post=122"}],"version-history":[{"count":1,"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/posts\/122\/revisions"}],"predecessor-version":[{"id":940,"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/posts\/122\/revisions\/940"}],"wp:attachment":[{"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/media?parent=122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/categories?post=122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/digitalchoke.com\/digitalchokeblog\/wp-json\/wp\/v2\/tags?post=122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}