tag:blogger.com,1999:blog-7122745763234660283.post876119765982040850..comments2010-05-11T22:03:21.335-07:00Minded Securityhttp://www.blogger.com/profile/01503616812076743415noreply@blogger.comBlogger1125tag:blogger.com,1999:blog-7122745763234660283.post-24532130871806806422009-12-18T16:58:28.525-08:002009-12-18T16:58:28.525-08:00It&#39;s very important to outline that SQL Injection attacks can be used directly to steal credit card data if the affected site is an e-commerce site.<br /><br />Many online shops have the payment gateway configurations stored inside the database. An attacker could modify these information via SQL injection of course and then route the billing requests to his evil payment proxy. Hey, this is not a Phishing Attack, just a trick to transparently sniff the user data.Giorgio Fedonhttp://www.blogger.com/profile/10261243238330266276noreply@blogger.com