<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div>Not all compromised sites are a result of SQLi. Actually, SQLi is a lower percent; most compromises today result from stolen FTP credentials, weak upload permissions, or leveraging pre-existing PHP backdoors left in other attacks.<div><br></div><div>-- Mary</div><div><br></div>On Mar 7, 2012, at 12:09 PM, allison nixon wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">"Can be found remotely by someone </span><span style="font-family:arial,sans-serif;font-size:13px;background-color:rgb(255,255,255)">with a minimum of time and effort"</span> almost certainly means compromised and already distributing malware. so if there is any database of hacked sites as a percentage of legitimate sites... then there you have it.<br> <br><div class="gmail_quote">On Wed, Mar 7, 2012 at 11:01 AM, Dave Aitel <span dir="ltr"><<a href="mailto:dave@immunityinc.com">dave@immunityinc.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"> I know it's been a decade, and everyone is sick of talking about SQLi,<br> but none-the-less, I was chatting with a bunch of people about it at RSA<br> and I wanted to throw out a metric to see if we can get consensus.<br> <br> The metric is this: How many websites have remote anonymous SQLi as a<br> percentage. Obviously you're going to find more SQLi if you have<br> authentication, or are doing static analysis on their code. But that's<br> almost unfair. So let's just look at: "Can be found remotely by someone<br> with a minimum of time and effort".<br> <br> My theory is 5%, and one of the companies who does this also thought 5%<br> sounded reasonable.<br> <br> I think it's an interesting number to have, and if anyone wants to chime<br> in, feel free!<br> <font color="#888888"><br> --<br> INFILTRATE 2013 January 10th-11th in Miami - the world's best offensive information security conference.<br> <a href="http://www.infiltratecon.com" target="_blank">www.infiltratecon.com</a><br> <br> <br> </font><br>_______________________________________________<br> Dailydave mailing list<br> <a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br> <a href="http://lists.immunityinc.com/mailman/listinfo/dailydave" target="_blank">http://lists.immunityinc.com/mailman/listinfo/dailydave</a><br> <br></blockquote></div><br><br clear="all"><div><br></div>-- <br>_________________________________<br>Note to self: Pillage BEFORE burning.<br> _______________________________________________<br>Dailydave mailing list<br><a href="mailto:Dailydave@lists.immunityinc.com">Dailydave@lists.immunityinc.com</a><br><a href="http://lists.immunityinc.com/mailman/listinfo/dailydave">http://lists.immunityinc.com/mailman/listinfo/dailydave</a><br></blockquote></div><br></body></html>