Google Bots Doing SQL Injection Attacks

ccguy writes "It seems that while Google could really care less about your site and has no real interest in hacking you, their automated bots can be used to do the heavy lifting for an attacker. In this scenario, the bot was crawling Site A. Site A had a number of links embedded that had the SQLi requests to the target site, Site B. Google Bot then went about its business crawling pages and following links like a good boy, and in the process followed the links on Site A to Site B, and began to inadvertently attack Site B."

Re:HTTP RFC - Section 9.1 Safe and Idempotent Meth

[Anonymous Coward]

This is Slashdot. What do we know about GET HEAD methods?

Re:could not care less

[Anonymous Coward]

Means the same thing irregardless.

Re:How about Yahoo "bots", Bing "bots" ?

[Kalriath]

You must work for some really shit firms, cause it's a well know fact that what you're saying is bullshit.

Re:Read RFC 2616: Safe and Idempotent Methods ..

[mysidia]

I don't get it. What's unsafe about "select * from catalog where id=".$_GET["id"]?

Dude... you forgot to encrypt your databases.... it should be

$catalogname = str_rot13('catalog'); $idname = str_rot13('id');

$id = str_replace(';', '', $id, ); ... "select * from $catalogname where $idname=".$id

Make sure to insist that register_globals is set to On in the PHP settings for the web server.