
 SQL Injection Attack happening ATM - wglb
http://isc.sans.org/diary/SQL+Injection+Attack+happening+ATM/12127
======
kogir
The code is T-SQL and will only do anything on SQL Server. It exploits web
apps that are vulnerable to SQL injection, and won't cause you any problems if
you encode user data correctly and use prepared statements, stored procedures,
or a good ORM.

~~~
rjbond3rd
Sybase also uses T-SQL.

------
rhizome
To be clear, this is against SQL Server (Microsoft).

~~~
willvarfar
Splitting hairs, but it relies on buggy websites using SQL Server, rather than
exploiting a flaw in SQL Server itself.

~~~
zzzeek
I think that's not splitting hairs at all; it's a major detail and it's
appalling how many of the comments on that post are like "oh this is a SQL
Server vulnerability"... yikes!

------
smallegan
I would think that if a site is still running on ASP they probably aren't
currently maintaining it and won't care enough to fix it?

