Solved

SQL injection (/b.js) - track database actions...

Posted on 2008-06-18
2
1,084 Views
Last Modified: 2008-10-27
I have fallen victim to what appears to be a SQL Injection attack (...banner82.com/b.js is inserted in all tables).  My system is an old ASP application that requires some protection updates (stored procedures and so on). I wonder if there is a way to track actions in my SQL server to see where (or on what table) the SQL injection is executed? The SQL injection happens several times each hour!
0
Question by:webressurs
2 Comments
 
LVL 7

Accepted Solution

by:
Chrisedebo earned 500 total points
ID: 21812288
I would suggest leaving a trace running on the SQL database using the SQL Server Profiler. It will slightly hamper performance, but you will have a list of each action performed on the database. You can then search it to find out the syntax being used to modify your data.
0
 

Expert Comment

by:mcomedia
ID: 21875655
There is a way to clean out this particular injection.

Originally found on this website.
http://blogs.msdn.com/jay_akhawri/archive/2008/06/25/latest-sql-injection-of-script-components.aspx

use [your DB name]

DECLARE @T varchar(255), @C varchar(255);

-- Walk every character column (text = 35, ntext = 99, varchar = 167,
-- nvarchar = 231) of every user table in the database.
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
      (b.xtype = 99 OR b.xtype = 35 OR b.xtype = 231 OR b.xtype = 167);

OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
  -- For each column, cut every affected value off just before the last
  -- '<script' it contains: patindex on the reversed string locates that
  -- tag from the end, so the whole injected tag and anything that followed
  -- it are discarded. Values are converted to varchar(8000) first, so
  -- anything longer than 8000 characters is truncated by the convert.
  -- Swap EXEC( for PRINT( to preview the statements without running them.
  EXEC(
 --PRINT(
    'update ['+@T+'] set ['+@C+'] = left(
            convert(varchar(8000), ['+@C+']),
            len(convert(varchar(8000), ['+@C+'])) - 6 -
            patindex(''%tpircs<%'',
                      reverse(convert(varchar(8000), ['+@C+'])))
            )
      where ['+@C+'] like ''%<script%'''
      );
  FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;

CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;


0
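To answer the question's "on what table" part without modifying any data, here is an added inventory query (not from either answer above) that counts, per table and column, how many values contain the injected tag and keeps a short sample of one of them. It assumes SQL Server 2000 or later, the same [your DB name] placeholder as the cleanup script, and that only base tables with character columns are of interest.

```sql
USE [your DB name];   -- placeholder, as in the cleanup script above
SET NOCOUNT ON;
-- Pattern to look for; '%<script%' matches the tag described in the question.
DECLARE @Pattern varchar(100);
SET @Pattern = '%<script%';
-- One row per (schema, table, column) that holds at least one matching value.
CREATE TABLE #hits (SchemaName sysname, TableName sysname, ColumnName sysname,
                    HitCount int, SampleValue varchar(200));
DECLARE @Schema sysname, @Tbl sysname, @Col sysname, @Sql nvarchar(4000);
-- INFORMATION_SCHEMA exists on SQL Server 2000 and later; restrict to base
-- tables and to the character types the injected UPDATE can land in.
DECLARE col_cursor CURSOR FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME
    FROM INFORMATION_SCHEMA.COLUMNS c
    JOIN INFORMATION_SCHEMA.TABLES t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('text', 'ntext', 'varchar', 'nvarchar');
OPEN col_cursor;
FETCH NEXT FROM col_cursor INTO @Schema, @Tbl, @Col;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Identifiers are quoted with QUOTENAME; the names reported in the result
    -- and the search pattern are passed as sp_executesql parameters, so no
    -- raw text is concatenated into the statement.
    SET @Sql = N'INSERT INTO #hits (SchemaName, TableName, ColumnName, HitCount, SampleValue) '
             + N'SELECT @s, @t, @c, COUNT(*), MIN(LEFT(CONVERT(varchar(8000), '
             + QUOTENAME(@Col) + N'), 200)) FROM '
             + QUOTENAME(@Schema) + N'.' + QUOTENAME(@Tbl)
             + N' WHERE ' + QUOTENAME(@Col) + N' LIKE @p HAVING COUNT(*) > 0';
    EXEC sp_executesql @Sql,
         N'@s sysname, @t sysname, @c sysname, @p varchar(100)',
         @Schema, @Tbl, @Col, @Pattern;
    FETCH NEXT FROM col_cursor INTO @Schema, @Tbl, @Col;
END;
CLOSE col_cursor;
DEALLOCATE col_cursor;
-- Worst-hit columns first: these are the tables the injected UPDATE reaches,
-- which narrows down what to look for in the Profiler trace suggested above.
SELECT SchemaName, TableName, ColumnName, HitCount, SampleValue
FROM #hits
ORDER BY HitCount DESC;
DROP TABLE #hits;
```

Run it again after the cleanup script to confirm the result set comes back empty, and once more an hour later to see whether the injection is still recurring.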
