Automated SQL injection

Via Lockergnome Bytes:

Automated SQL injection: What your enterprise needs to know: “SQL injection exploits may soon be as common as those targeting Windows and Unix flaws, experts say. An estimated 60% of Web applications that use dynamic content are likely vulnerable, with devastating consequences for an enterprise. A presentation of an automated attack targeting SQL injection flaws is planned for Black Hat Briefings this week in Las Vegas. This two-part interview with SPI Dynamics CTO Caleb Sima will tell you what you should fear, why and…”

This is why PHP-Nuke should be avoided. It makes no attempt to be secure: user-provided values are passed directly into SQL queries without any error checking or quoting. Drupal, on the other hand, never passes any user-provided value directly into a query.
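To make the difference concrete, here is an added example (not code from the post, PHP-Nuke or Drupal) showing the two patterns side by side against a small constructed in-memory table. It uses Python's `sqlite3` instead of PHP because the pattern is driver-independent: splicing the request value into the SQL text lets the database parse it as SQL, while binding it as a parameter keeps it as data.

```python
import sqlite3


def make_db():
    # Constructed sample table standing in for a CMS user table; not any real schema.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_unsafe(conn, name):
    # The pattern the post criticises: the user-supplied value becomes part of
    # the SQL text, so quotes and keywords inside it change the query's meaning.
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    # Parameterised query: the driver binds the value, so it is only ever
    # compared as a string and can never be parsed as SQL.
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def unsafe_query_errors(conn, name):
    # Returns True if the unquoted pattern cannot even handle the value:
    # a legitimate name containing an apostrophe breaks the SQL syntax.
    try:
        lookup_unsafe(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print("unsafe, ordinary input:", lookup_unsafe(db, "alice"))
    print("unsafe, tautology input:", lookup_unsafe(db, "x' OR '1'='1"))
    print("safe, tautology input:", lookup_safe(db, "x' OR '1'='1"))
    print("unsafe breaks on apostrophe:", unsafe_query_errors(db, "o'brien"))
    print("safe handles apostrophe:", lookup_safe(db, "o'brien"))
```

The unsafe lookup returns every row for the tautology input and raises on a plain apostrophe; the parameterised lookup returns no rows in both cases, which is the behaviour a code review should expect from any query that touches request data.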

