SQL Injection
Protection Against Remote Code Execution
May 2008


SQL injection is a technique that exploits a security vulnerability
in the database layer of an application, through which a hacker
can gain access to resources or make changes to data. Here, it is
used to inject code that redirects the user to a malicious site:
i frame src="http://bbs.jueduizuan.com"> /i frame>
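
An added example (not from the original page): a defender-side check that walks every text column of a database and reports stored iframe or script tags loading from a host outside an allowlist, which is the trace an injection like the one above leaves behind. The in-memory SQLite database, its rows, the allowlist and all host names are constructed assumptions.

```python
import sqlite3
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.example.org"}  # assumption: hosts this site embeds on purpose

class EmbedFinder(HTMLParser):
    """Records iframe/script tags whose src loads from a host not on the allowlist."""
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        src = (dict(attrs).get("src") or "").strip()
        if src.startswith("//"):        # protocol-relative URL still leaves the site
            src = "http:" + src
        host = urlparse(src).hostname   # None for relative, same-site URLs
        if host and host not in ALLOWED_HOSTS:
            self.hits.append((tag, host))

def scan_database(conn):
    """Return (table, column, rowid, tag, host) for each off-site embed in stored text."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table'")]
    for table in tables:
        cols = [c[1] for c in conn.execute(f'PRAGMA table_info("{table}")')]
        for col in cols:
            query = (f'SELECT rowid, "{col}" FROM "{table}" '
                     f"WHERE typeof(\"{col}\") = 'text'")
            for rowid, value in conn.execute(query):
                finder = EmbedFinder()
                finder.feed(value)
                finder.close()
                findings += [(table, col, rowid, t, h) for t, h in finder.hits]
    return findings

def build_sample_db():
    """Constructed sample: clean row, allowed embed, and a row with an appended iframe."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (title TEXT, body TEXT, views INTEGER)")
    conn.executemany("INSERT INTO articles VALUES (?, ?, ?)", [
        ("Welcome", "<p>Hello</p>", 10),
        ("Video", '<iframe src="http://www.example.org/player"></iframe>', 5),
        ("News", '<p>Story</p><IFRAME SRC="http://injected.example.invalid" '
                 'width=0 height=0></IFRAME>', 7),
    ])
    return conn
```

Each finding names the table, column and row to clean up; the same rows also point to the vulnerable query that wrote them.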


Many of the sites contain multiple exploits looking for vulnerabilities
in the IE browser, Adobe Reader, Flash, QuickTime, etc.

These are all remote code execution, or drive-by download, exploits.
Since you are using Anti-Executable, you are protected from the
executable payload downloading or executing.


First Site:

http://bbs.jueduizuan.com

The exploit uses MS06-014 Microsoft Data Access Components (MDAC)
to download a trojan dropper, ri.exe,
copy it, and attempt to launch it as svchost.exe.

[Image: code]

The attempt to execute svchost.exe (ri.exe) fails because ri.exe is
blocked from downloading and therefore cannot execute.



Second Site:

http://winzipices.cn
Spoofed .gif file

[Image: code]

EXPLOIT BLOCKED




