At Black Hat Europe later this month, a British researcher will show off a tactic for using. using. SQL injection to take control of the database behind the Web server. The attack goes after. MySQL, Microsoft s. SQL Server, and Postgres running on Windows or Linux servers. The mass. of. attacks against thousands of legitimate Web sites last year showed just how prevalent this technique is and how many sites are susceptible to it. There are hundreds of thousands more vulnerable sites on the Web that haven’t been attacked yet.
Source: https://threatpost.com/researcher-unveil-new-sql-injection-attack-040209/72533/