"Many forms of code injection targeted at web-based applications (for instance cross-site scripting and SQL injection) rely upon the instantaneous execution of the embedded code to carry out the attack (e.g. stealing a user's current session information or executing a modified SQL query). In some cases it may be possible for an attacker to inject their malicious code into a data storage area that may be executed at a later date or time. Depending upon the nature of the application and the way the malicious data is stored or rendered, the attacker may be able to conduct a second-order code injection attack.
A second-order code injection attack can be classified as the process in which malicious code is injected into a web-based application and not immediately executed, but instead is stored by the application (e.g. temporarily cached, logged, stored in a database) and then later retrieved, rendered and executed by the victim."
The full article can be viewed online: http://www.nextgenss.com/papers/SecondOrderCodeInjection.pdf
Virus writers elude Microsoft's bounty hunt
Virus writers have a price on their heads--but it's done little to discourage them.
In the year since Microsoft kicked off its Anti-Virus Reward Program, it has tallied only a single success. The program has offered $1 million to informants who help close official investigations into four major viruses and worms, and has another $4 million earmarked for future rewards, but the deluge of online threats has continued to swell.
"I think it is fair to say for every time they have gone public to offer a bounty, it hasn't worked," said Graham Cluley, a senior technology consultant at Sophos, an antivirus software company.
More in http://news.com.com/Virus+writers+elude+Microsofts+bounty+hunt/2100-7349_3-5439456.html