Dark Reading

A Weapon Against SQL Injection

The single most common database security inquiry I get is, "What's this whole stored procedure parameter thing, and how does it help with SQL injection?"With the Albert Gonzales hearings under way, ...
Dark Reading

Cacti Monitoring Tool Spiked by Critical SQL Injection Vulnerability

A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents — presenting a prickly risk ...
Ars Technica

Google crawler tricked into performing SQL injection attacks using decade-old techniq

If the attacker wants to receive some output of the database he could combine an sql injection with an html injection. First inject malicious html in the databse, then the html will be put in the site ...