Not all compromised sites are a result of SQLi. Actually, SQLi is a
lower percent; most compromises today result from stolen FTP
credentials, weak upload permissions, or leveraging pre-existing PHP
backdoors left in other attacks.
-- Mary
On Mar 7, 2012, at 12:09 PM, allison nixon wrote:
"Can be found remotely by someone with a minimum of time and effort"
almost certainly means compromised and already distributing
malware. so if there is any database of hacked sites as a
percentage of legitimate sites... then there you have it.
On Wed, Mar 7, 2012 at 11:01 AM, Dave Aitel <[email protected]>
wrote:
I know it's been a decade, and everyone is sick of talking about SQLi,
but none-the-less, I was chatting with a bunch of people about it at
RSA
and I wanted to throw out a metric to see if we can get consensus.
The metric is this: How many websites have remote anonymous SQLi as a
percentage. Obviously you're going to find more SQLi if you have
authentication, or are doing static analysis on their code. But that's
almost unfair. So let's just look at: "Can be found remotely by
someone
with a minimum of time and effort".
My theory is 5%, and one of the companies who does this also thought
5%
sounded reasonable.
I think it's an interesting number to have, and if anyone wants to
chime
in, feel free!
--
INFILTRATE 2013 January 10th-11th in Miami - the world's best
offensive information security conference.
www.infiltratecon.com
_______________________________________________
Dailydave mailing list
[email protected]
http://lists.immunityinc.com/mailman/listinfo/dailydave
--
_________________________________
Note to self: Pillage BEFORE burning.
_______________________________________________
Dailydave mailing list
[email protected]
http://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
[email protected]
http://lists.immunityinc.com/mailman/listinfo/dailydave
