600,000 backlinks in one go

by David Naylor
Bronco - Digital Marketing Agency

That’s what just happened, a massive SQL Injection was discovered on F-secure, hat tip to 0x000000 I found it there, I wonder how many peoples computers just got malware on them.

But imagine in a controlled manner you could either destroy websites ranking by adding 50,000 links to all your competitors.

From F-secure,

Unless that data is sanitized before it gets saved you can’t control what the website will show to the users. This is what SQL injection is all about, exploiting weaknesses in these controls. In this case the injection code starts off like this (note, this is not the complete code):


Which when decoded becomes:

DECLARE @T varchar(255)’@C varchar(255) DECLARE Table_Cursor
CURSOR FOR select a.name’b.name from sysobjects a’syscolumns b
where a.id=b.id and a.xtype=’u’ and (b.xtype=99 or b.xtype=35
or b…

What happens as a result? It finds all text fields in the database and adds a link to malicious javascript to each and every one of them which will make your website display them automatically. So essentially what happened was that the attackers looked for ASP or ASPX pages containing any type of querystring (a dynamic value such as an article ID, product ID, et cetera) parameter and tried to use that to upload their SQL injection code.

is this a good time to mention Firewall Script again


Bronco - Digital Marketing Agency
Making your inbox more interesting
Looking to keep up to date, or find out those things we can’t mention on the blog? Then sign up to our semi-regular newsletter. Don’t worry, we won’t spam you.


Get in Touch

Things are better when they’re made simpler. That’s why the David Naylor blog is now just that; a blog. No sales pages, no contact form - just interesting* info about SEO.

If you’d like to find out more about the Digital Marketing services we do provide then head over to Bronco (our main company website) to get in touch.

Get in Touch Today * Interestingness not guaranteed
Part of the Bronco family