Solved

SQL injection (/b.js) - track database actions...

Posted on 2008-06-18
2
1,085 Views
Last Modified: 2008-10-27
I have fallen victim to what appears to be a SQL Injection attack (...banner82.com/b.js is inserted in all tables).  My system is an old ASP applicaiton that requires some protection updates (stored procedures and so on). I wonder if there is a way to track actions in my SQL server to see where (or on what table) the SQL injection is executed? The SQL injection happens several times each hour!
0
Comment
Question by:webressurs
2 Comments
 
LVL 7

Accepted Solution

by:
Chrisedebo earned 500 total points
ID: 21812288
I would suggest leaving a trace running on the SQL database using the SQL Server Profiler, it will slightly hamper performance, but you will have a list of each action performed on the database. you can then search it to find out the syntax being used to modify your data.
0
 

Expert Comment

by:mcomedia
ID: 21875655
There is a way to clean out this particular injection.

Originally found on this website.
http://blogs.msdn.com/jay_akhawri/archive/2008/06/25/latest-sql-injection-of-script-components.aspx




use [your DB name]
 

DECLARE @T varchar(255), @C varchar(255);

DECLARE Table_Cursor CURSOR FOR

SELECT a.name, b.name

FROM sysobjects a, syscolumns b

WHERE a.id = b.id AND a.xtype = 'u' AND

(b.xtype = 99 OR

b.xtype = 35 OR

b.xtype = 231 OR

b.xtype = 167);

OPEN Table_Cursor;

FETCH NEXT FROM Table_Cursor INTO @T, @C;

WHILE (@@FETCH_STATUS = 0) BEGIN

  EXEC(

 --PRINT(

    'update ['+@T+'] set ['+@C+'] = left(

            convert(varchar(8000), ['+@C+']),

            len(convert(varchar(8000), ['+@C+'])) - 6 -

            patindex(''%tpircs<%'',

                      reverse(convert(varchar(8000), ['+@C+'])))

            )

      where ['+@C+'] like ''%<script%'''

      );

  FETCH NEXT FROM Table_Cursor INTO @T, @C;

END;

CLOSE Table_Cursor;

DEALLOCATE Table_Cursor;

Open in new window

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Nowadays, some of developer are too much worried about data. Who is using data, who is updating it etc. etc. Because, data is more costlier in term of money and information. So security of data is focusing concern in days. Lets' understand the Au…
JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
Via a live example, show how to shrink a transaction log file down to a reasonable size.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now