MSIE 0-day Spreading Via SQL Injection

By secgeeks - Posted on December 12th, 2008

1339

vote

from sans diary here:
"One of our readers submitted this log entry, which shows a typical SQL injection exploit. The "new" part is that the javascript injected in this case is trying to exploit the MSIE 0-day:

In this case, the SQL injection is delivered as a cookie, not a GET parameter.

I broke up the strings for readability and inserted spaces around the malicious URL. As usual with these kinds of exploit, the script will load another script which will load another script ultimatley leading to the IE exploit."

you can read more here.

Bookmark/Search this post with:

Trackback URL for this post:

http://secgeeks.com/trackback/2620

MSIE 0-day Spreading Via SQL Injection

from SecGeeks - information security, social security, vulnerabil on Fri, 26/06/2009 - 06:03

Similar entries

Recent blog posts

Drupalit monthly

Newly Popular

Drupalit weekly

Drupalit daily

Drupalit hottest

Drupalit latest

Recent comments

Outlook Email search tool
11 weeks 3 days ago
nice tool..
1 year 2 weeks ago
Preplay for windows
1 year 3 weeks ago
yeah,foxit is god
1 year 5 weeks ago
That's due to being
1 year 5 weeks ago
It's very powerful. I guess
1 year 5 weeks ago
We can export .exe with
1 year 5 weeks ago
thank you
1 year 11 weeks ago
Style sheet flaw
1 year 19 weeks ago
backdoor? -SecGeek
1 year 21 weeks ago

Get SecGeeks Feeds in your email:

Navigation

Who's online

There are currently 0 users and 29 guests online.

Poll

tags in Genral

botnet botnet code execution cyber criminals facebook google iphone mac os x mac os x pc world pilot fish zero day

Who's new

extremepipes01
georgedbest
mawunakoutonin
goodbuzzm
latestceleb

User login

BlogRoll

Hack In The Box

http://maltainfosec.org
http://sipvicious.org/blog/
astalavista.com
Security Industry Discussions

Partners

People Search
Rogue anti-spyware removal
Spyware Removal News
Computer Security
www.techmantras.com
Unlock iPhone 3G
add your link here..