June 5, 2008

Another SQL Injection Breach (and an example)

The Democrat Herald brings the story of the theft of personal information from as many as 4,700 online customers of the Oregon State University Bookstore who used credit cards to purchase items.


This attacks sounds like it was taken from a textbook. Below you can see an example of an SQL Injection on one of Imperva's demo application that's probably very similar to what happened at OSU.   (Hear the voice of Mr. Terry Ray). A WAF could have helped here.

Tags:

By
Sharon Besser
| June 5, 2008 10:49 PM | | Comments (0) | TrackBacks (0)
  • Digg it!
  • Add to Del.Icio.Us
  • Add to Technorati
  • Stumble It!
  • NewsVine
  • Slashdot
  • Google Bookmarks
  • YahooMyWeb
  • Live
  • Add this post to Reddit

0 TrackBacks

Listed below are links to blogs that reference this entry: Another SQL Injection Breach (and an example).

TrackBack URL for this entry: http://blog.imperva.com/mt/mt-tb.cgi/29

Leave a comment