

Mass SQL Injection Attack Hits Sites Running IIS - sucuri2
http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-2677-inyahoo-js.html

======
kogir
SQL injection is platform independent. It usually targets a specific vendor's
DB, but it's crappy code by users of the DB that is at fault.

So it's really SQL injection attack hits sites running crappy custom code.

Neither SQL server nor IIS are at fault here.

~~~
rbanffy
Did anyone say it's not platform independent?

The article just states a couple of IIS sites got compromised again. It's not
blaming IIS for that.

And SQL injection is not completely platform independent: your database must
support SQL for it to work.

