Rapid7 Announces Critical Vulnerability Check for Automated SQL Injection

Tuesday May 13th 2008 by DatabaseJournal.com Staff

Rapid7 NeXpose update includes SQL Injection Check and Web Crawling capabilities for "winzipices.cn" vulnerability -- responsible for exploiting over 500,000 servers.

[From PR Newswire]

BOSTON, May 13 /PRNewswire/ -- Rapid7 announced today that NeXpose includes a check to detect web servers that have been hit by the recent automated mass SQL injection attacks. Web sites hit by this SQL injection attack have their web page contents modified to point to malware that is automatically downloaded by any visitor to the site. These sites are all vulnerable to SQL injection (or have recently been vulnerable) and were hacked by this automated hacker toolkit. In addition, by executing a Google search on the malware server name, hackers can find sites that have been already been exploited.

The article continues at http://sev.prnewswire.com/computer-electronics/20080513/NETU09213052008-1.html

Mobile Site | Full Site