Posted on Saturday, August 02, 2008 @ 00:56:38 CDT in Security by Raven
SECUNIA ADVISORY ID: SA31295
VERIFY ADVISORY: http://secunia.com/advisories/31295/
CRITICAL: Moderately critical
IMPACT: Exposure of system information, Exposure of sensitive information
SOFTWARE: Coppermine Photo Gallery 1.x - http://secunia.com/product/1427/
DESCRIPTION: EgiX has discovered a vulnerability in Coppermine Photo Gallery, which can be exploited by malicious people to disclose sensitive information.
Read More...
|
Posted on Wednesday, July 16, 2008 @ 18:19:25 CDT in Security by Raven
SECUNIA ADVISORY ID: SA31106
VERIFY ADVISORY: http://secunia.com/advisories/31106/
CRITICAL: Highly critical
IMPACT: Security Bypass, Spoofing, System access
SOFTWARE: Mozilla Firefox 3.x - http://secunia.com/product/19089/
DESCRIPTION: Some vulnerabilities have been reported in Firefox 3, which can be exploited by malicious people to bypass certain security restrictions, potentially conduct spoofing attacks, or compromise a user's system. The vulnerabilities are reported in versions prior to 3.0.1.
Read More...
|
Posted on Tuesday, July 15, 2008 @ 02:16:28 CDT in Security by Raven
kguske writes: On July 2, 2008, Google released Ratproxy: a semi-automated, largely passive web application security audit tool, optimized for an accurate and sensitive detection, and automatic annotation, of potential problems and security-relevant design patterns based on the observation of existing, user-initiated traffic in complex web 2.0 environments.
ratproxy "detects and prioritizes broad classes of security problems, such as dynamic cross-site trust model considerations, script inclusion issues, content serving problems, insufficient XSRF and XSS defenses, and much more."
Read More...
|
Posted on Thursday, July 03, 2008 @ 12:53:41 CDT in Security by Raven
SECUNIA ADVISORY ID: SA30915
VERIFY ADVISORY: http://secunia.com/advisories/30915/
CRITICAL: Highly critical
IMPACT: DoS, System access
SOFTWARE: Mozilla Thunderbird 2.x - http://secunia.com/product/14070/
DESCRIPTION: Some vulnerabilities have been reported in Mozilla Thunderbird, which potentially can be exploited by malicious people to compromise a user's system.
Read More...
|
Posted on Thursday, July 03, 2008 @ 12:49:32 CDT in Security by Raven
SECUNIA ADVISORY ID: SA30911
VERIFY ADVISORY: http://secunia.com/advisories/30911/
CRITICAL: Highly critical
IMPACT: Security Bypass, Cross Site Scripting, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
REVISION: 1.1 originally posted 2008-07-02
SOFTWARE: Mozilla Firefox 2.0.x - http://secunia.com/product/12434/
DESCRIPTION: Some vulnerabilities have been reported in Mozilla Firefox, which can be exploited by malicious people to conduct cross-site scripting and spoofing attacks, bypass certain security restrictions, disclose sensitive information, or potentially compromise a user's system. The vulnerabilities are reported in versions prior to 2.0.0.15.
Read More...
|
Posted on Saturday, May 31, 2008 @ 00:22:07 CDT in Security by Raven
Even though this article is written in response to SQL Injection attacks in/on ASP/IIS, it is just as relevant to PHP/MySQL.
Michael Howard writes: You may have read recently about a large number of Web servers that were compromised through a SQL injection attack. The malicious SQL payload is very well designed, somewhat database schema agnostic and generic so it could compromise as many database servers as possible. While the attack was a SQL injection attack that attacked and compromised back-end databases courtesy of vulnerable Web pages, from a user's perspective the real attack was compromised Web pages that serve up malware to attack users through their browsers. In essence, there were two sets of victims: the Web site operators and the users who visited the affected Web sites. In this post, I want to focus on what the first set of users, the Web site operators, can do to protect themselves.
The fact that the malicious payload was so generic shows that the science of SQL injection has not taken a back seat to research in other vulnerability types, such as buffer overflows or cross-site scripting issues.
I think the first lesson from this attack is this:
If you have a Web server (doesn't matter what type), and it's hooked up to a database (doesn't matter what type) you need to go in and review your code that performs the database work.
So now that you've determined the database access code, now what? The SDL is very specific about what to do here: there are three requirements - they are requirements, not recommendations, which means you must do the following coding requirements and defenses:
* Use SQL Parameterized Queries
* Use Stored Procedures
* Use SQL Execute-only Permission
Read More...
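The three requirements above, worked through as an added example that is not part of kguske's post or Michael Howard's article. Python's sqlite3 module stands in for the ASP/IIS or PHP/MySQL pairing the post discusses; the `users` table, its rows and the probe string are constructed for the demonstration. SQLite has no stored procedures and no GRANT, so the second requirement is not shown and the third is approximated with an authorizer callback that plays the role of a least-privilege database account. The function names are this example's own, not the SDL's.

```python
import sqlite3

# Constructed sample schema; an in-memory SQLite database stands in for the
# MySQL or SQL Server back end the post is about.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The pattern the post tells you to hunt for in review: request data
    # spliced straight into the SQL text, so quotes in it become syntax.
    sql = f"SELECT name, role FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_user_parameterized(conn: sqlite3.Connection, name: str) -> list:
    # Requirement 1: the value travels to the engine separately from the
    # statement, so whatever it contains is compared as data, never parsed.
    sql = "SELECT name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def restrict_to_reads(conn: sqlite3.Connection) -> None:
    # Requirement 3, approximated: SQLite has no GRANT, so an authorizer
    # stands in for the least-privilege account the web tier should log in
    # as. Only SELECT and column reads are allowed; any other action
    # (DELETE, UPDATE, DROP TABLE, ...) aborts the statement.
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ}

    def authorizer(action, arg1, arg2, dbname, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def delete_is_blocked(conn: sqlite3.Connection) -> bool:
    # True when the restricted connection refuses a destructive statement.
    try:
        conn.execute("DELETE FROM users")
    except sqlite3.Error:
        return True
    return False


# A constructed review probe: it closes the quoted literal and appends a
# condition that is always true, which is only a problem for the first lookup.
PROBE = "x' OR '1'='1"


def demo() -> dict:
    conn = build_db()
    result = {
        "vulnerable": lookup_user_vulnerable(conn, PROBE),        # every row
        "parameterized": lookup_user_parameterized(conn, PROBE),  # no row
        "bob": lookup_user_parameterized(conn, "bob"),
    }
    restrict_to_reads(conn)
    result["delete_blocked"] = delete_is_blocked(conn)
    result["rows_left"] = len(lookup_user_parameterized(conn, "bob"))
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

In PHP against MySQL the same first requirement is met with PDO prepared statements (`prepare`/`execute` with bound values) or `mysqli_stmt::bind_param`; the point of the authorizer half is that even a query which slips past review cannot do more than the account it runs as is allowed to.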
|