Anatomy of a SQL Injection Incident, Part 2: Meat

Se prémunir des attaques de type "SQL Injection"...

SQL Server, BizTalk Server, le 64 bits et au-delà !... — Wed, 19 Mar 2008 11:35:20 GMT

Pour mieux comprendre les risques auxquels sont exposées vos bases de données, il est intéressant

re: Anatomy of a SQL Injection Incident, Part 2: Meat

GrumpySecurityGuy — Thu, 20 Mar 2008 23:29:17 GMT

Neil is archive.asp part of some standard web software package or are you just using that as an example?

re: Anatomy of a SQL Injection Incident, Part 2: Meat

neilcar — Fri, 21 Mar 2008 00:44:04 GMT

Archive.asp was just an example. The pages involved were all different and didn't appear to have any common code.

re: Anatomy of a SQL Injection Incident, Part 2: Meat

GrumpySecurityGuy — Fri, 21 Mar 2008 01:12:20 GMT

Wow that is interesting. So they code is either google dorking for classic ASP pages or performing web crawling itself then? That is pretty scary. I think this is the first example of a widespread defacement that did not use a vulnerability in a known package, like PHPBB etc... Does that sound correct?

re: Anatomy of a SQL Injection Incident, Part 2: Meat

neilcar — Fri, 21 Mar 2008 18:52:58 GMT

It does sound correct although it looks like this is the third wave (Nov 07, Jan 08) of mass defacement via this or a similar attack.

From the data I've looked at, all the affected pages were classic ASP and made SQL queries with data taken directly from query strings. Other than that, the pages didn't appear to have any similarities. I played around with building a SQL query that would generalize "any ASP page with a query string" but I didn't come up with one that worked. Of course, it's likely that the attackers are smarter than me. :)

re: Anatomy of a SQL Injection Incident, Part 2: Meat

Kumar Atl — Sat, 05 Apr 2008 15:47:27 GMT

Hello Sir,

Could you spare 2 minutes for me also?

I have a small website hosted on a shared plan. Hosting agency has provided me about 50 mb of sql server space.

My site extensively uses asp and sql server. My site ranking is good with google for certain keywords searches.

Friday morning I found that the bad people (nmidahena) had updated text fields in almost all of the tables with a <script> some thing.js </script>. This has created a nightmare for me.

Fortunately, I had a backup that came to my rescue. I also downloaded all asp and html files to my local machines and searched for "nmidahena" - nothing came up.

This is what I have done:

a) Restore sql server tables from the backup.

b) Rewrite my asp forms to not to accept any character or words that could be used for sql injection.

Do you think this would be sufficient to prevent future attack?

I dont know where to look for help. The hosting agency has no good answers.

Sir, I will gladly pay your feel for your advise.

with best regards

re: Anatomy of a SQL Injection Incident, Part 2: Meat

Tim Myers — Mon, 07 Apr 2008 18:31:25 GMT

We were hit Friday night by nmidahena which is the newest edition of this virus. Neil pegged it. My quick fix was to create include code that parses the query string looking for DDL statements and flaging it with an error. I get an email with each error so I can tweak the code if it is a false error. I've already received one email showing sql injection. My next step is to parameterize all queries.

SQL Injection General Guidance

Microsoft Switzerland Security Blog — Wed, 28 May 2008 11:13:11 GMT

There s a lot of noise arround currently ongoig SQL injection attacks and even if that is quite an "old"

The latest SQL Injection Attacks

Roger's Security Blog — Fri, 30 May 2008 10:41:24 GMT

Well, there was quite some chatter over the last few weeks with regards to the massive defacements we

http://blogs.technet.com/swi/archive/2008/05/29/sql-injection-attack.aspx

TrackBack — Fri, 30 May 2008 21:12:34 GMT

SQL注入攻击-来自微软安全博客的建议

Applelure — Thu, 05 Jun 2008 06:01:08 GMT

本文翻译自微软博客上刊载的相关文章，英文原文版权归原作者所有，特此声明。（特别感谢NeilCarpenter对本文写作提供的帮助）

近期趋势

从去年下半年开始，很多网站被损害，他们在用于生成动...

Inyección SQL... esta bajo ataque?

Todo es posible, nada es seguro — Mon, 16 Jun 2008 11:55:25 GMT

Hay muchos sitios y blogs que hablan sobre el tema de inyección SQL. Puede encontrar toda la información

SQL Injection Tools

Theophilus — Thu, 03 Jul 2008 23:13:07 GMT

Read a couple of blog posts about some fairly recent SQL Injection attacks (03 /08); http://blogs.technet

SQL Injection Combat

Theophilus — Thu, 03 Jul 2008 23:15:56 GMT

Read a couple of blog posts about some fairly recent SQL Injection attacks (03 /08); http://blogs.technet

Prevenindo SQL Injection - Ataques estranhos

Name of the blog — Wed, 20 May 2009 05:37:15 GMT

Prevenindo SQL Injection - Ataques estranhos