Defacing websites via SQL injection

Johannes B. Ullrich a, Chief research officer and Jason Lam b, Instructor
aSANS Technology Institute
bSANS Institute.

Available online 25 January 2008.

In early February 2007, security communities became aware of a major sports event website distributing malware.next term1 It infected visitors through a well-known technique at the time, which was a VML exploit targeting Internet Explorer browsers. Any visitors running Internet Explorer without the VML patch could be infected with the trojan.


**Hidden Content: To see this hidden content your post count must be 10 or greater.**