SQL Injection removal
Posted on 2008-10-07
We are using IIS6 and SQL Server 2005 to host our clients websites. One of our websites has been listed by Google with the warning 'This site may harm your computer.'
Having investigated this it would appear that the site is suffering from some kind of SQL Injection attack. I have run the HP Scrawler tool which confirms that three pages are 'confirmed verbose'. Having thereafter looked at these pages I cannot see anything strange in the code. I have tried to find some information with regard to solving this problem but as yet have been unable to find a cure.
We also have SQL server 2008 installed on the server - would it help if I used SQL 2008 to host the database?
Any help would be hugely appreciated.