Comments on: SQL Injection Tangos with Heap Overflows http://www.veracode.com/blog/2008/12/sql-injection-tangos-with-heap-overflows/ Application security testing, analysis, and metrics Thu, 09 Feb 2012 11:59:00 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: links for 2008-12-17 (Jarrett House North) http://www.veracode.com/blog/2008/12/sql-injection-tangos-with-heap-overflows/comment-page-1/#comment-2404 links for 2008-12-17 (Jarrett House North) Thu, 18 Dec 2008 02:01:29 +0000 http://www.veracode.com/blog/?p=513#comment-2404 [...] SQL Injection Tangos with Heap Overflows Multifactor vulnerabilities lead to massive exploits. The scary bit about this is that this points out that the 500,000 or so IIS servers that got hit with SQL injection attacks are, if they remain unpatched, fertile ground for exploiting just about any other vulnerability that comes around. (tags: security sqlinjection) [...] [...] SQL Injection Tangos with Heap Overflows Multifactor vulnerabilities lead to massive exploits. The scary bit about this is that this points out that the 500,000 or so IIS servers that got hit with SQL injection attacks are, if they remain unpatched, fertile ground for exploiting just about any other vulnerability that comes around. (tags: security sqlinjection) [...]

]]> By: Chris Wysopal http://www.veracode.com/blog/2008/12/sql-injection-tangos-with-heap-overflows/comment-page-1/#comment-2403 Chris Wysopal Thu, 18 Dec 2008 00:26:05 +0000 http://www.veracode.com/blog/?p=513#comment-2403 @Miguel Agreed. Perhaps I should change the title to "IE has a three way with SQL Injection and XSS". -Chris @Miguel

Agreed. Perhaps I should change the title to “IE has a three way with SQL Injection and XSS”.

-Chris

]]> By: Miguel Correia http://www.veracode.com/blog/2008/12/sql-injection-tangos-with-heap-overflows/comment-page-1/#comment-2402 Miguel Correia Wed, 17 Dec 2008 18:29:51 +0000 http://www.veracode.com/blog/?p=513#comment-2402 Great post. There is a third in the tango: cross-site scripting. This is a heap overflow attack, made using a stored cross-site scripting attack made with SQL injection. Yak! Great post. There is a third in the tango: cross-site scripting. This is a heap overflow attack, made using a stored cross-site scripting attack made with SQL injection. Yak!

]]>