Solved

SQL injection (/b.js) - track database actions...

Posted on 2008-06-18
2
1,087 Views
Last Modified: 2008-10-27
I have fallen victim to what appears to be a SQL Injection attack (...banner82.com/b.js is inserted in all tables).  My system is an old ASP applicaiton that requires some protection updates (stored procedures and so on). I wonder if there is a way to track actions in my SQL server to see where (or on what table) the SQL injection is executed? The SQL injection happens several times each hour!
0
Comment
Question by:webressurs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 7

Accepted Solution

by:
Chrisedebo earned 500 total points
ID: 21812288
I would suggest leaving a trace running on the SQL database using the SQL Server Profiler, it will slightly hamper performance, but you will have a list of each action performed on the database. you can then search it to find out the syntax being used to modify your data.
0
 

Expert Comment

by:mcomedia
ID: 21875655
There is a way to clean out this particular injection.

Originally found on this website.
http://blogs.msdn.com/jay_akhawri/archive/2008/06/25/latest-sql-injection-of-script-components.aspx




use [your DB name]
 
DECLARE @T varchar(255), @C varchar(255);
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
  EXEC(
 --PRINT(
    'update ['+@T+'] set ['+@C+'] = left(
            convert(varchar(8000), ['+@C+']),
            len(convert(varchar(8000), ['+@C+'])) - 6 -
            patindex(''%tpircs<%'',
                      reverse(convert(varchar(8000), ['+@C+'])))
            )
      where ['+@C+'] like ''%<script%'''
      );
  FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;

Open in new window

0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Select Query help 1 38
MS SQL Server Management Studio R2 4 32
Delete old Sharepoint backups 2 23
SQL Help 4 17
Slowly Changing Dimension Transformation component in data task flow is very useful for us to manage and control how data changes in SSIS.
International Data Corporation (IDC) prognosticates that before the current the year gets over disbursing on IT framework products to be sent in cloud environs will be $37.1B.
Viewers will learn how the fundamental information of how to create a table.
Viewers will learn how to use the INSERT statement to insert data into their tables. It will also introduce the NULL statement, to show them what happens when no value is giving for any given column.

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question