Attackers are increasingly exploiting common database vulnerabilities to leave behind code on thousands of sites, redirecting visitors to servers that host malicious downloads, security experts warned last week. The attacks, which apparently started at the beginning of April, attempt to use any field on a Web site that accepts user input to execute commands on the database that stores the site’s information. In the latest spate of compromises, unknown attackers used SQL injection techniques to create malicious iframe blocks on legitimate Web sites.