DARK READING — Aug 2 — MySpace, LinkedIn, Facebook, and Friendster are susceptible to SQL injection attacks. SQL injection-type attacks can do a lot more damage than a worm or adware: They could provide an attacker with access to a social networking site's entire database, for instance, says David Aitel, CTO of Immunity. "Every site is based on PHP in the front and MySQL in the back," he says. "As you sign up and fill in a form or log in, if the site isn't doing the proper check of characters, an attacker could insert a SQL command and get access to all usernames" or other data about MySpace, he says. Social networking sites don't collect the type of personal data big-time hackers crave — social security numbers, credit-card numbers, and bank account data. But they could be used to stage an attack on that data. "MySpace could be used to get a dropper Trojan on a machine and set up a stakeout post," Cole says. "When the user goes to his or her corporate site, it would go ahead and steal his login credentials." Or if a user gets infected on LinkedIn, for example, his banking information could be stolen when he does online banking.
The full article was originally published at Dark Reading, but is no longer available.
Mark Brooks: Really? Your comments please.

This is very true, and something that isn't well known to most users. There are also several Windows vulnerabilities such as an infected BMP, or an infected Windows Media file. Both of these can be loaded onto a user's profile on MySpace and downloaded by whoever views the profile. Or it could even be possible to insert Java code as well into the profile that can be downloaded. While most of these exploits are related to Windows specifically, it is possible to craft some of these for other operating systems as well. So, "user beware" is an understatement.
The article, especially the bit about SQL injection, is mostly scare mongering.
The company featured in the article is just trying to get hired for a lucrative consulting gig with one (or more) of the big social networking players.
I seriously doubt these big players are using any open ad hoc SQL queries. They would be using parameterized stored procedures for performance and security. Yes, these vulnerabilities exist, but not likely on the mentioned sites.
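The point of contention in the article and the last comment, the login form that pastes user input into a query versus one that binds parameters, as an added example that is not from the article or any commenter. It uses Python's sqlite3 with a constructed in-memory users table as a stand-in for the PHP/MySQL stack the article describes; the query-building logic is the same.

```python
import sqlite3

# Constructed sample data standing in for a social-networking site's user table.
SAMPLE_USERS = [
    ("alice", "s3cret-hash"),
    ("bob", "other-hash"),
]


def make_db():
    """Build an in-memory database with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, username, pw_hash):
    """The pattern the article warns about: form input concatenated into SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND pw_hash = '" + pw_hash + "'")
    return sorted(row[0] for row in conn.execute(sql))


def lookup_parameterized(conn, username, pw_hash):
    """The fix the last commenter assumes: values are bound, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND pw_hash = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, pw_hash)))


def demo():
    """Run the same crafted password field through both lookups."""
    conn = make_db()
    # Classic tautology: in the concatenated query it turns the WHERE clause
    # into (username = 'nobody' AND pw_hash = '') OR '1'='1', matching every row.
    injected = "' OR '1'='1"
    return {
        "vulnerable": lookup_vulnerable(conn, "nobody", injected),
        "parameterized": lookup_parameterized(conn, "nobody", injected),
        "legit": lookup_parameterized(conn, "alice", "s3cret-hash"),
    }


if __name__ == "__main__":
    print(demo())
```

The concatenated version hands back every username for a nonexistent account, which is exactly the "access to all usernames" outcome the article quotes; the bound version returns nothing for the same input and still works for a real login.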