[Dailydave] Quick thread on SQLi

Mary Landesman marylande at gmail.com
Wed Mar 7 12:31:36 EST 2012


Not all compromised sites are a result of SQLi. Actually, SQLi is a
lower percent; most compromises today result from stolen FTP
credentials, weak upload permissions, or leveraging pre-existing PHP
backdoors left in other attacks.

-- Mary

On Mar 7, 2012, at 12:09 PM, allison nixon wrote:

> "Can be found remotely by someone with a minimum of time and effort"
> almost certainly means compromised and already distributing
> malware. So if there is any database of hacked sites as a
> percentage of legitimate sites... then there you have it.
>
> On Wed, Mar 7, 2012 at 11:01 AM, Dave Aitel <dave at immunityinc.com>  
> wrote:
> I know it's been a decade, and everyone is sick of talking about SQLi,
> but nonetheless, I was chatting with a bunch of people about it at RSA
> and I wanted to throw out a metric to see if we can get consensus.
>
> The metric is this: How many websites have remote anonymous SQLi as a
> percentage. Obviously you're going to find more SQLi if you have
> authentication, or are doing static analysis on their code. But that's
> almost unfair. So let's just look at: "Can be found remotely by someone
> with a minimum of time and effort".
>
> My theory is 5%, and one of the companies who does this also thought 5%
> sounded reasonable.
>
> I think it's an interesting number to have, and if anyone wants to chime
> in, feel free!
>
> --
> INFILTRATE 2013 January 10th-11th in Miami - the world's best
> offensive information security conference.
> www.infiltratecon.com
>
> _______________________________________________
> Dailydave mailing list
> Dailydave at lists.immunityinc.com
> http://lists.immunityinc.com/mailman/listinfo/dailydave
>
> -- 
> _________________________________
> Note to self: Pillage BEFORE burning.

