thisisfutile (2/24/2014)
From Steve's editorial:look for potential hacking issues, like updating all of your lookup values to the same string, or embedding script tags in your data.
Can anyone elaborate on either of Steve's two suggestions? I don't understand what either of these ideas mean. I'm hoping that it's obvious after someone explains them but at this point I'm clueless. Any links perhaps?
I don't think it means anything beyond what it says - I have observed both these attacks (not at my workplace).
If you have a SQL Injection vulnerability then a way this may be exploited (in a minor, annoying way) is that the hackers change all strings in a lookup table (e.g. list of countries) to ''Leet haxors wuz here". They may also choose to update a string value to include script tags e.g. edit all product names to include something like <script>alert('Leet haxors wuz here');</script> - in that way when anyone visits the site (if it puts the product name on the page etc) the aforementioned alert appears.