The SANS Diary has posted a recovered tool that has been used to do mass defacements of websites. I'm sure this is being posted all over, so I won't wax on it too much. The tool uses a search to find potentially vulnerable sites, then simply fires SQL injection attempts at each of them in bulk. It's a sweet, simple little tool, and I'm sure there are many, many others out in the wild just like it that simply haven't been recovered or distributed by the author.
Bojan closes the piece with the necessary suggestion for everyone: fix your shit. Run your own scans against your web apps, because attackers are already doing it. Kinda reminds me of port scanning your own firewall: attackers do it, so should you! You've already lost the battle if attackers have more information than you do, or find that open port (vulnerable input) before you do.