MS_SQL injection attacks


Code: p1650

Severity: Warning


Description: This event is generated when an attempt is made to access a host running Microsoft SQL Server.

Impact: Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command including DROP TABLE to the database!

Corrective: Patching your servers, databases, programming languages and operating systems is critical but will in no way the best way to prevent SQL Injection Attacks.