Except you're incorrect. Well, partly.
SQL injection doesn't care if the server is linux, windows, etc. It's SQL, and therefore any SQL database is potentially vulnerable.
The Achilles Heel of any web server is the application layer. If the application layer doesn't properly santize and/or validate input, you can potentially read/write to the database with the permissions of the application...or more.
If you can compromise the tables that present site content, you can include a cross-site script call to a foreign web server. That call can be for ,oh, let's call it "ngg.js". You can Google that if you like, but for God's sake don't click on the results.
Ngg.js is JAVA. Java doesn't care what OS you're running, or even what browser you're running. It runs in it's own sandbox and is completley portable.
Yes, I know that Safari also runs on Windows, but the point is that this is a targetted, blended threat, so the usual rules about ciruclating viruses that would affect the larger market don't apply...these are professional criminals and they're well aware that many people out there feel safe and secure behind their Mac and Linux systems, and therefore may treat certain things as "safer" where they wouldn't trust them on Internet Explorer.
Say for example, visiting your favourite news site and being presented with a dialogue box asking you to install a Codec that's required to view specific content...we know that people are stupid, and they'll hapilly click on anything if they think they'll be able to watch stupid movies or free porn. So, you're on a site that you trust, and you've watched streaming content there before. It's only logical that you may need to update your codec, isn't it?
Originally Posted by Deaf_shooter
what if it model after his?