We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

View Complete Thread
  • Re: Anyone know about www.nihaorr1.com/1.js?

    Apr 20, 2008 12:51 PM|eftennis|LINK

    Thanks.   That is the first proof I have seen as to how this works. 

    We added a logging function to our sql calls to try to trap for this type of information.

    We have been adding a common script to the top of all of our pages to look for "offending" data in the url parms or the form variables.   Seems like a never ending task, though.  Doing the rework suggested to stop SQL Injectors is not an easy project given the hundreds of pages we have. 

    We are continuing to fight this.  It is a very "resource draining" project.