SQL Injection Attacks on IIS Web Servers

Posted: Apr 25, 2008  105 comments  

Average Rating

Tags
Administrators
ASP.NET
Developers
IIS News Item
Security

BillS IIS Blog RSS

bills
Contact Me

You may have seen recent reports that have surfaced stating that web sites running on Microsoft’s Internet Information Services (IIS) 6.0 have been compromised. These reports allude to a possible vulnerability in IIS or issues related to Security Advisory 951306 which was released last week.

Microsoft has investigated these reports and determined that the attacks are not related to the recent Microsoft Security Advisory (951306) or any known security issues related to IIS 6.0, ASP, ASP.Net or Microsoft SQL technologies.

Instead, attackers have crafted an automated attack that can take advantage of SQL injection vulnerabilities in web pages that do not follow security best practices for web application development. While these particular attacks are targeting sites hosted on IIS web servers, SQL injection vulnerabilities may exist on sites hosted on any platform.  More information on SQL injection attacks can be found here and here.

Guidance from Microsoft for web application development best practices can also be found on this MSDN page. Best practices guidelines that developers may follow to mitigate SQL injection, can be located here. As we continue to make progress in our investigation on this attack, we will provide updated guidance and information on the IIS.net site. For the latest information on this issue, please subscribe or visit the IIS security forum.

For end-users, the investigation also shows no indication of an un-patched vulnerability in IIS, SQL Server, Internet Explorer or any other Microsoft client software, so we recommend customers apply the latest updates to be protected from these attacks.

To further protect themselves from reported attacks, we encourage all customers to apply our most recent security updates to help ensure that their computers are protected from attempted criminal attacks. For more information about security updates, visit: www.microsoft.com/protect.

Anyone believed to have been affected can visit: http://www.microsoft.com/protect/support/default.mspx and should contact the national law enforcement agency in their country.  Those in the United States can contact Customer Service and Support at no charge using the PC Safety hotline at 1-866-PCSAFETY.  Additionally, customers in the United States should contact their local FBI office or report their situation at: www.ic3.gov

Comments

  1. microsoft » Blog Archive » SQL Injection Attacks on IIS Web Servers
    April 26, 2008

    Pingback from  microsoft  » Blog Archive   » SQL Injection Attacks on IIS Web Servers
  2. The Microsoft Security Response Center (MSRC)
    April 26, 2008

    Hi there this is Bill Sisk. There have been conflicting public reports describing a recent rash of web
  3. SQL Injection Attacks on IIS Web Servers - BillS IIS Blog
    April 26, 2008

    Pingback from  SQL Injection Attacks on IIS Web Servers - BillS IIS Blog
  4. VolkerD
    April 26, 2008

    Pingback
  5. K. Brian Kelley - Databases, Infrastructure, and Security
    April 26, 2008

    The recent slate of attacks on IIS servers don't seem to be an attack directly against IIS or against
  6. Guy Barrette
    April 26, 2008

    There have been conflicting reports about SQL Server injection attacks and a possible new IIS vulnerability
  7. Guy Barrette's Blog
    April 26, 2008
  8. Hundreds of Thousands of Microsoft Web Servers Hacked « Smokey’s Security Weblog
    April 26, 2008

    Pingback from  Hundreds of Thousands of Microsoft Web Servers Hacked « Smokey’s Security Weblog
  9. Microsoft f?hlt sich nicht f?r die Webserver-Attacken verantwortlich - WinSupportForum
    April 26, 2008

    Pingback from  Microsoft f?hlt sich nicht f?r die Webserver-Attacken verantwortlich - WinSupportForum
  10. Clarifying SQL Web Server Attacks » D' Technology Weblog: Technology, Blogging, Tips, Tricks, Computer, Hardware, Software, Tutorials, Internet, Web, Gadgets, Fashion, LifeStyle, Entertainment, News and more by Deepak Gupta.
    April 26, 2008

    Pingback from  Clarifying SQL Web Server Attacks » D' Technology Weblog: Technology, Blogging, Tips, Tricks, Computer, Hardware, Software, Tutorials, Internet, Web, Gadgets, Fashion, LifeStyle, Entertainment, News and more by Deepak Gupta.
  11. Teste » Clarifying SQL Web Server Attacks ?? D' Technology Weblog …
    April 27, 2008

    Pingback from  Teste » Clarifying SQL Web Server Attacks ?? D' Technology Weblog …
  12. fashion » Blog Archive » Clarifying SQL Web Server Attacks ?? D' Technology Weblog …
    April 27, 2008

    Pingback from  fashion  » Blog Archive   » Clarifying SQL Web Server Attacks ?? D' Technology Weblog …
  13. Peter
    April 27, 2008

    Ahhh BS, what's all this hoopla about?! Just tell it like it is: A LOT of developers are just plain lazy and don't care enough to use parameterized queries; end of story.
  14. SQL Infection Hits Over 500K Webpages, Infiltrates DHS And UN
    April 27, 2008

    Pingback from  SQL Infection Hits Over 500K Webpages, Infiltrates DHS And UN
  15. MSBLOG
    April 27, 2008

    Pingback from  MSBLOG
  16. SQL Infection Hits Over 500K Webpages, Infiltrates DHS And UN
    April 28, 2008

    Pingback from  SQL Infection Hits Over 500K Webpages, Infiltrates DHS And UN
  17. Security Blog di Feliciano Intini
    April 28, 2008

    La blogosfera "sicura" (nome scherzoso con cui identifico l'insieme di blog/e-magazines in
  18. Microsoft Afasta Responsabilidade de Ataque Massivo
    April 28, 2008

    Pingback from  Microsoft Afasta Responsabilidade de Ataque Massivo
  19. Harry Waldron - My IT Forums Blog
    April 28, 2008

    A new major security attack occurred over the weekend, where over one half million web pages became infected
  20. Harry Waldron - Microsoft MVP Blog
    April 28, 2008

    A new major security attack occurred over the weekend, where over one half million web pages became infected
  21. Paintworkzstudio
    April 28, 2008

    Does denying access to the webserver, still allow a sql attack >?
  22. Developers at fault: SQL Injection attacks lead to wide-spread compromise of IIS servers | Zero Day | ZDNet.com
    April 28, 2008

    Pingback from  Developers at fault: SQL Injection attacks lead to wide-spread compromise of IIS servers |  Zero Day | ZDNet.com
  23. Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection | MeltedCube
    April 28, 2008

    Pingback from  Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection | MeltedCube
  24. Microsoft Report on SQL Injection Attacks on IIS Web Servers | ReadersZone
    April 28, 2008

    Pingback from  Microsoft Report on SQL Injection Attacks on IIS Web Servers | ReadersZone
  25. kazım
    April 28, 2008

    thank you
  26. John.B
    April 29, 2008

    Even if Microsoft is not at fault for the SQL injection attacks, the malware specifically targets Windows clients.

    Since the SQL injection attack is specific to T-SQL, wouldn't it be responsible to give developers and DBAs some hints to at least detect infections?  Other than using Google to find all 500,000 infected web pages?
  27. max stirner
    April 29, 2008

    if this is not due to an IIS-vulnerability, why does it only affect IIS-servers?
  28. Prepare for Corporate Layoffs » Blog Archive » Weak SQL coding techniques result in Huge SQL Injection attacks
    April 29, 2008

    Pingback from  Prepare for Corporate Layoffs  » Blog Archive   » Weak SQL coding techniques result in Huge SQL Injection attacks
  29. GarethWestern.com » Bookmarks for April 27th through April 29th
    April 29, 2008

    Pingback from  GarethWestern.com » Bookmarks for April 27th through April 29th
  30. Microsoft ?????????????????????????????????? ???????????????? ?????????????????????????? ?????????????????? ??????????
    April 29, 2008

    Pingback from  Microsoft ?????????????????????????????????? ???????????????? ?????????????????????????? ?????????????????? ??????????
  31. bills
    April 29, 2008

    Hi Max -

    the exploit code is specific to SQL server, which is normally found behind an ASP/ASP.NET application that has not followed best practices.  The exploit code doesn't work against mysql or other databases, which is why it appears to be an IIS/ASP/ASP.NET/SQL bug, but it is not.  The same exploit could have been done with code specific to mySQL or any other database.  
  32. SR - UK
    April 29, 2008

    John.B - MS do provide info for developer and DBAs either via MSDN:

    msdn2.microsoft.com/.../ms161953.aspx

    also via multiple blog entries, for example:

    http://blogs.msdn.com/raulga/

    problem is most Devs and DBAs are just not interested in doing the work...
  33. WordPress MU barcon.info | Microsoft ?????????????????????????????????? ???????????????? ?????????????????????????? ?????????????????? ??????????
    April 29, 2008

    Pingback from  WordPress MU  barcon.info | Microsoft ?????????????????????????????????? ???????????????? ?????????????????????????? ?????????????????? ??????????
  34. RobIII
    April 29, 2008

    I wrote some T-SQL to scan your entire server for "<script" in all databases.

    ================

    exec sp_msforeachdb '

    Print(''Scanning Database [?]'')

    DECLARE @T varchar(255), @C varchar(255)

    DECLARE Table_Cursor CURSOR FOR

    select a.name,b.name from [?].dbo.sysobjects a,[?].dbo.syscolumns b

    where a.id=b.id and a.xtype=''u'' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)

    order by a.name, b.name

    OPEN Table_Cursor

    FETCH NEXT FROM Table_Cursor INTO @T,@C

    WHILE(@@FETCH_STATUS=0)

    BEGIN

    If Left(@T,1)<>''#''

    Begin

    Print('' Scanning Table [''+@T+''], Column: [''+@C+'']'')

    Exec(''if exists(select [''+@C+'']  from [?].dbo.[''+@T+''] where [''+@C+''] like ''''%<script%'''') print ''''>>> FOUND in [''+@T+''].[''+@C+'']'''''')

    End

    FETCH NEXT FROM Table_Cursor INTO @T,@C

    END

    CLOSE Table_Cursor

    DEALLOCATE Table_Cursor

    '

    ================

    Just search the printout for ">>> FOUND" to see in what table the malicious code was found.

    Be warned: this might take a LONG time!
  35. Out Of The Box
    April 29, 2008

    Don't know if you saw this, but it's certainly scary . There are several articles out about a massive
  36. shawnbass.com - Security blog
    April 29, 2008

    For those not familiar with SQL injection, it's in it's simplest form a method of injection a SQL statement into a database server by way of hiding it in a web parameter. There's a more detailed ...
  37. Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection | Networking for Networkers
    April 29, 2008

    Pingback from  Massive Attack: Half A Million Microsoft-Powered Sites Hit With SQL Injection | Networking for Networkers
  38. Balássy György (MSDNKK)
    April 30, 2008

    Az utóbbi időben egyre több olyan hír jelent meg a világhálón, amelyek szerint durva hiba lehet a Windows
  39.   Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers — Instant Web Meetings.COM - Video Conference, Collaboration, E Learning, Unified Communications
    May 1, 2008

    Pingback from  &nbsp; Developers at fault? SQL Injection attacks lead to wide-spread compromise of IIS servers&nbsp;&#8212;&nbsp;Instant Web Meetings.COM - Video Conference, Collaboration, E Learning, Unified Communications
  40. Technical RollUp
    May 1, 2008

    News Microsoft Internet Security and Acceleration Server Forefront Threat Management Gateway, the Next
  41. SQL Infection Hits Over 500K Webpages, Infiltrates DHS And UN | Alex McFarlane
    May 8, 2008

    Pingback from  SQL Infection Hits Over 500K Webpages, Infiltrates DHS And UN | Alex McFarlane
  42. Jon Galloway
    May 8, 2008

    h2.entry-title {font-size: 1.1em; clear:left;} ul.hfeed {list-style-type: none;} li.xfolkentry {clear
  43. Joseph
    May 8, 2008

    A few of our legacy ASP application were affected by this outbreak. It was an accident waiting to happen though. The blame is on the poorly written code, not in SQL or IIS. Since it is too expensive (and difficult) to fix all code, you have to live with it. I found an interesting and free (GNU with source code) application for IIS that proved very efficient. I am still being attacked, but the filter has blocked the effects of such attacks.

    Installation and code can be found here:

    www.codeplex.com/IIS6SQLInjection

    The only bad thing is that it is not compatible with Windows 64 bits. I had to move all ASP application to a lesser server :(
  44. Yvonne
    May 15, 2008

    Once you recover your web server from the attack you are not done.  You may find that the seach engines now have cached pages for your site that include the malicious code.  Yahoo takes a simple e-mail.  Google takes an online form.  I have been fighting for 2 weeks to get Microsoft to remove cached pages that are now 6 weeks old from their Live Search.  
  45. Samuel Davis
    May 20, 2008

    Who should be responible for fixing a website that has recently been affect by an SQL injection attack?  Should it be the people responible for developing website or the company that purchased it?  We had a website developed a year ago and it's currently being hosted by the developer.  It has recently been attacked and now they want to charge us to fix it, but if this is due to their poor code shouldn't they be responible for fixing it?
  46. Anonymous
    May 20, 2008

    The above component do not work and fail if SQL is defined in form action:

    <form method="post" action="show.asp?PageID=123;Declare @a;Set @=123;Exec(@);">

    </form>
  47. Fred
    May 22, 2008

    It is important to learn how to implement best security practices and protect your database. There's a great tutorial test on www.microsoft.com/hellosecureworld7 where you can see an SQL Injection attack in action and learn ways to stop it. Look for the SQL Injection Lab.
  48. Heavy on the Technical
    May 24, 2008

    News Microsoft Internet Security and Acceleration Server Forefront Threat Management Gateway, the Next
  49. Microsoft Switzerland Security Blog
    May 28, 2008

    There s a lot of noise arround currently ongoig SQL injection attacks and even if that is quite an "old"
  50. Michael Howard on SQL Injection and my concerns on the most recent attacks | Zero Day | ZDNet.com
    May 29, 2008

    Pingback from  Michael Howard on SQL Injection and my concerns on the most recent attacks | Zero Day | ZDNet.com
  51. Roger's Security Blog
    May 30, 2008

    Well, there was quite some chatter over the last few weeks with regards to the massive defacements we
  52. servers
    May 31, 2008

    Pingback from  servers
  53. Robert Folkesson
    June 2, 2008

    Den senaste tiden har en mängd sajter blivit infekterade av en SQL Injection-attack som använder SQL
  54. Binero » Blog Archive » Skydda din webbplats
    June 5, 2008

    Pingback from  Binero  &raquo; Blog Archive   &raquo; Skydda din webbplats
  55. Владимир Лещинский
    June 16, 2008

    Посвящается моим студентам, жалующимся на высокую требовательность к качеству кода при сдаче лабораторных
  56. MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz - ntoolz.net
    June 22, 2008

    Pingback from  MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz - ntoolz.net
  57. Security Advisory 953818 Posted | Network Toolz - ntoolz.net
    June 22, 2008

    Pingback from  Security Advisory 953818 Posted | Network Toolz - ntoolz.net
  58. Questions about Web Server Attacks | Network Toolz - ntoolz.net
    June 22, 2008

    Pingback from  Questions about Web Server Attacks | Network Toolz - ntoolz.net
  59. AMD Talk » MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz …
    June 22, 2008

    Pingback from  AMD Talk &raquo; MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz &#8230;
  60. May 2008 Advance Notification | Network Toolz - ntoolz.net
    June 22, 2008

    Pingback from  May 2008 Advance Notification | Network Toolz - ntoolz.net
  61. » Security Advisory 953818 Posted | Network Toolz - ntoolz.net
    June 22, 2008

    Pingback from  &raquo; Security Advisory 953818 Posted | Network Toolz - ntoolz.net
  62. » MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz …
    June 22, 2008

    Pingback from  &raquo; MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz &#8230;
  63. The latest SQL Injection Attacks | Network Toolz - ntoolz.net
    June 22, 2008

    Pingback from  The latest SQL Injection Attacks | Network Toolz - ntoolz.net
  64. Pregnant Man » MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz …
    June 22, 2008

    Pingback from  Pregnant Man &raquo; MSRC Blog: Microsoft Security Advisory (950627) | Network Toolz &#8230;
  65. Network Tools - ntoolz.net » Blog Archive » certificate mapping auth problem
    June 22, 2008

    Pingback from  Network Tools - ntoolz.net  &raquo; Blog Archive   &raquo; certificate mapping auth problem
  66. Network Tools - ntoolz.net » Blog Archive » March 2008 MS08-014 Re-release
    June 22, 2008

    Pingback from  Network Tools - ntoolz.net  &raquo; Blog Archive   &raquo; March 2008 MS08-014 Re-release
  67. Network Tools - ntoolz.net » Blog Archive » How do you create client certificates?
    June 22, 2008

    Pingback from  Network Tools - ntoolz.net  &raquo; Blog Archive   &raquo; How do you create client certificates?
  68. Network Tools - ntoolz.net » Blog Archive » Cannot manage Entreprise CA that is in parent domain from child domain
    June 22, 2008

    Pingback from  Network Tools - ntoolz.net  &raquo; Blog Archive   &raquo; Cannot manage Entreprise CA that is in parent domain from child domain
  69. Network Tools - ntoolz.net » Blog Archive » Questions about Web Server Attacks
    June 22, 2008

    Pingback from  Network Tools - ntoolz.net  &raquo; Blog Archive   &raquo; Questions about Web Server Attacks
  70. Network Tools - ntoolz.net » Blog Archive » eLineStudio Site Composer Multiple Vulnerabilities
    June 23, 2008

    Pingback from  Network Tools - ntoolz.net  &raquo; Blog Archive   &raquo; eLineStudio Site Composer Multiple Vulnerabilities
  71. Error: 18456, Severity: 14, State: 16. | Network Tools - ntoolz.net
    June 23, 2008

    Pingback from  Error: 18456, Severity: 14, State: 16. | Network Tools - ntoolz.net
  72. » Network Tools - ntoolz.net ?? Blog Archive ?? Cannot manage …
    June 23, 2008

    Pingback from  &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? Cannot manage &#8230;
  73. » Network Tools - ntoolz.net ?? Blog Archive ?? Questions about Web …
    June 23, 2008

    Pingback from  &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? Questions about Web &#8230;
  74. » Network Tools - ntoolz.net ?? Blog Archive ?? eLineStudio Site …
    June 23, 2008

    Pingback from  &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? eLineStudio Site &#8230;
  75. The latest SQL Injection Attacks | Network Tools - ntoolz.net
    June 23, 2008

    Pingback from  The latest SQL Injection Attacks | Network Tools - ntoolz.net
  76. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 23, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  77. Archive » Network Tools - ntoolz.net ?? Blog Archive ?? eLineStudio Site …
    June 23, 2008

    Pingback from  Archive &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? eLineStudio Site &#8230;
  78. Archive » Network Tools - ntoolz.net ?? Blog Archive ?? Questions about Web …
    June 23, 2008

    Pingback from  Archive &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? Questions about Web &#8230;
  79. Archive » Network Tools - ntoolz.net ?? Blog Archive ?? Cannot manage …
    June 23, 2008

    Pingback from  Archive &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? Cannot manage &#8230;
  80. Archive » Network Tools - ntoolz.net ?? Blog Archive ?? How do you create …
    June 23, 2008

    Pingback from  Archive &raquo; Network Tools - ntoolz.net ?? Blog Archive ?? How do you create &#8230;
  81. MS08-030 Re-released for Windows XP SP2 and SP3 | Network Tools - ntoolz.net
    June 23, 2008

    Pingback from  MS08-030 Re-released for Windows XP SP2 and SP3 | Network Tools - ntoolz.net
  82. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 23, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  83. June 2008 Monthly Release | Network Tools - ntoolz.net
    June 23, 2008

    Pingback from  June 2008 Monthly Release | Network Tools - ntoolz.net
  84. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 24, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  85. Microsoft Security Advisory (904420): Win32/Mywife.E@mm - 2/1/2006 | Network Tools - ntoolz.net
    June 24, 2008

    Pingback from  Microsoft Security Advisory (904420): Win32/Mywife.E@mm - 2/1/2006 | Network Tools - ntoolz.net
  86. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 24, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  87. » Archive ?? Network Tools - ntoolz.net ?? Blog Archive ?? Questions …
    June 24, 2008

    Pingback from  &raquo; Archive ?? Network Tools - ntoolz.net ?? Blog Archive ?? Questions &#8230;
  88. A E » Blog Archive » Microsoft Security Advisory (904420): Win32/Mywife.E@mm - 2/1/2006 …
    June 24, 2008

    Pingback from  A E  &raquo; Blog Archive   &raquo; Microsoft Security Advisory (904420): Win32/Mywife.E@mm - 2/1/2006 &#8230;
  89. » MS08-030 Re-released for Windows XP SP2 and SP3 | Network Tools …
    June 24, 2008

    Pingback from  &raquo; MS08-030 Re-released for Windows XP SP2 and SP3 | Network Tools &#8230;
  90. Archive » Archive ?? Network Tools - ntoolz.net ?? Blog Archive ?? How do you …
    June 24, 2008

    Pingback from  Archive &raquo; Archive ?? Network Tools - ntoolz.net ?? Blog Archive ?? How do you &#8230;
  91. Archive » Archive ?? Network Tools - ntoolz.net ?? Blog Archive ?? Cannot …
    June 24, 2008

    Pingback from  Archive &raquo; Archive ?? Network Tools - ntoolz.net ?? Blog Archive ?? Cannot &#8230;
  92. IAS and RAS server certificate enrollment | Network Tools - ntoolz.net
    June 24, 2008

    Pingback from  IAS and RAS server certificate enrollment | Network Tools - ntoolz.net
  93. Server Core in our Security Bulletins | Network Tools - ntoolz.net
    June 24, 2008

    Pingback from  Server Core in our Security Bulletins | Network Tools - ntoolz.net
  94. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 24, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  95. Wade Hilmo
    June 24, 2008

    The IIS team has some street smarts when it comes to security. We learned quite a few lessons the hard
  96. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 26, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  97. Questions about Web Server Attacks | Network Tools - ntoolz.net
    June 26, 2008

    Pingback from  Questions about Web Server Attacks | Network Tools - ntoolz.net
  98. Finding SQL Injection with Scrawlr | IT & Network Security Blog
    July 13, 2008

    Pingback from  Finding SQL Injection with Scrawlr | IT &amp; Network Security Blog
  99. 2008 Pwnie Award nominees announced | Zero Day | ZDNet.com
    July 21, 2008

    Pingback from  2008 Pwnie Award nominees announced | Zero Day | ZDNet.com
  100. Nazim's IIS Security Blog
    August 21, 2008

    About 2 months ago we released the beta for UrlScan v3.0 to address customer concerns with automated
  101. Shadow Security » Microsoft actualiza URLScan para contrarrestar los ataques masivos sobre sus servidores
    August 22, 2008

    Pingback from  Shadow Security &raquo; Microsoft actualiza URLScan para contrarrestar los ataques masivos sobre sus servidores
  102. MiniNoticias » Blog Archive » Microsoft actualiza URLScan para contrarrestar los ataques masivos sobre sus servidores
    August 26, 2008

    Pingback from  MiniNoticias  &raquo; Blog Archive   &raquo; Microsoft actualiza URLScan para contrarrestar los ataques masivos sobre sus servidores
  103. Dr. Tom Shinder’s Blog » Blog Archive » UrlScan 3.0 Released - Blocks SQL Injection Attacks
    September 28, 2008

    Pingback from  Dr. Tom Shinder&#8217;s Blog  &raquo; Blog Archive   &raquo; UrlScan 3.0 Released - Blocks SQL Injection Attacks
  104. Free SQL Injections Scanner | Video Sharing Script
    February 11, 2009

    Pingback from  Free SQL Injections Scanner | Video Sharing Script