Attackers are increasingly exploiting common database vulnerabilities
to leave behind code on thousands of sites, redirecting visitors to
servers that host malicious downloads, security experts warned last
week.

The attacks, which apparently started at the beginning of April,
attempt to use any field on a Web site that accepts user input to
execute commands on the database that stores the site's information.
Since most databases use some variant of the Structured Query Language
(SQL), the attack is known as SQL injection.
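
The injection described above, shown as an added example that is not part of the original brief: the same form-field value is sent through a query built by string concatenation and through a parameterized one. The pages table, the function names and the input string are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: three stored pages."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO pages (id, title) VALUES (?, ?)",
                     [(1, "Home"), (2, "About"), (3, "Contact")])
    return conn

def rename_page_unsafe(conn, page_id, title):
    # Vulnerable: the field value is pasted into the SQL text, so a quote
    # in the input ends the string literal and the rest is parsed as SQL.
    conn.execute(f"UPDATE pages SET title = '{title}' WHERE id = {page_id}")

def rename_page_safe(conn, page_id, title):
    # Hardened: placeholders send the value separately from the statement,
    # so the database always treats it as data.
    conn.execute("UPDATE pages SET title = ? WHERE id = ?", (title, page_id))

def titles(conn):
    """Return all stored titles in id order."""
    return [row[0] for row in conn.execute("SELECT title FROM pages ORDER BY id")]

def compare(field_value):
    """Apply the same form input through both code paths."""
    unsafe_db, safe_db = make_db(), make_db()
    rename_page_unsafe(unsafe_db, 1, field_value)
    rename_page_safe(safe_db, 1, field_value)
    return titles(unsafe_db), titles(safe_db)

# Constructed input: a quote followed by an SQL comment marker.
CRAFTED = "changed' --"

if __name__ == "__main__":
    unsafe, safe = compare(CRAFTED)
    print("concatenated :", unsafe)   # every row rewritten
    print("parameterized:", safe)     # only row 1, input stored verbatim
```

With concatenation the comment marker removes the WHERE clause, so one form submission rewrites every stored row; with placeholders the same text is stored as an ordinary title in the one intended row.
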
http://www.securityfocus.com/brief/729