A tool discovered by Sans Security Handlers has shed some light on how 10000 web sites were compromised earlier this year. An automated SQL injection attack that utilized google searches against ASP pages that contained potential sql injection points is at the core of the attack.
While we had a general idea about what they do during these attacks, and we knew that they were automated, we did not know exactly how the attacks worked, or what tools the attackers used. The strategy was relatively simple: they used search engines in order to find potentially vulnerable applications and then tried to exploit them. The exploit just consisted of an SQL statement that tried to inject a script tag into every HTML page on the web site.