Tag Archive | "sql injection"

SQL injection and Amazing Hacking Issue


Even with generic code, how do hackers find victims quickly? The answer is Google search: try "inurl:login.asp" / "inurl:search.asp" and you will see. Besides, here are some more references on SQL injection:

General Prevention
http://blogs.ittoolbox.com/windo … ection-attack-15364

ASP.NET prevention
http://msdn.microsoft.com/en-us/library/bb355989.aspx

ASP Filter
http://blogs.iis.net/nazim/archi … om-classic-asp.aspx

General Hacking
http://www.acunetix.com/websitesecurity/sql-injection.htm
http://www.informit.com/articles … 170880&seqNum=3

PHP + MySQL Hacking
http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php

Demo of SQL injection and the way to prevent it
http://www.sitepoint.com/article/sql-injection-attacks-safe

Time-delayed blind sql injection
http://www.microsoft.com/technet … /secmvp/sv0907.mspx
http://www.ngssoftware.com/papers/more_advanced_sql_injection.pdf

Massive injection
http://hackademix.net/2008/04/26/mass-attack-faq/
http://blogs.iis.net/bills/archi … is-web-servers.aspx

Cheat sheet
http://michaeldaw.org/sql-injection-cheat-sheet/

Posted in SQL Server | Comments (3)

Clean SQL Injection


Check and recover DB from SQL injection
The SQL commands below detect whether any data in any table matches <script%</script>
(You may change the texts in red color.)
1. SQL for detection only
2. SQL for recovery

1. SQL for detection only
===========================================
DECLARE @T varchar(255), @C varchar(255);
-- Walk every ntext (99), text (35), nvarchar (231) and varchar (167)
-- column of every user table.
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
-- List the rows whose value contains <script and ends with </script>.
-- Quotes inside the dynamic SQL string are doubled single quotes.
EXEC(
'select * from ['+@T+'] where ['+@C+'] like ''%<script%</script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;

2. SQL for recovery
===========================================
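DECLARE @T varchar(255), @C varchar(255);
-- Same column selection as the detection script.
DECLARE Table_Cursor CURSOR FOR
SELECT a.name, b.name
FROM sysobjects a, syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 OR
b.xtype = 35 OR
b.xtype = 231 OR
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
-- Keep only the text before the last "<script": reversing the value and
-- searching for "tpircs<" locates that last occurrence from the end.
-- convert(varchar(8000), ...) cuts values longer than 8000 characters and
-- cannot hold Unicode-only characters, so back up the database first.
EXEC(
'update ['+@T+'] set ['+@C+'] = left(
convert(varchar(8000), ['+@C+']),
len(convert(varchar(8000), ['+@C+'])) - 6 -
patindex(''%tpircs<%'',
reverse(convert(varchar(8000), ['+@C+'])))
)
where ['+@C+'] like ''%<script%</script>'''
);
FETCH NEXT FROM Table_Cursor INTO @T, @C;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;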
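
The recovery UPDATE can be previewed before it is run. The dry run below is an added example, not part of the original post: it reuses the post's pattern and trimming expression, while the cursor name, the output column names and the 8000-byte review flag are assumptions introduced here. Like the scripts above, it assumes the tables resolve without a schema prefix.

```sql
-- Added example (not from the original post): dry run of the recovery step.
-- Read-only: lists each matching value beside what the UPDATE would write.
DECLARE @T sysname, @C sysname, @Sql nvarchar(4000);

DECLARE Preview_Cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT a.name, b.name
    FROM sysobjects a
    JOIN syscolumns b ON a.id = b.id
    WHERE a.xtype = 'u'
      AND b.xtype IN (99, 35, 231, 167);   -- ntext, text, nvarchar, varchar

OPEN Preview_Cursor;
FETCH NEXT FROM Preview_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0) BEGIN
    -- QUOTENAME brackets the names and escapes any ] they contain.
    SET @Sql =
        N'IF EXISTS (SELECT 1 FROM ' + QUOTENAME(@T) +
        N' WHERE ' + QUOTENAME(@C) + N' LIKE ''%<script%</script>'') ' +
        N'SELECT @tbl AS table_name, @col AS column_name, ' +
        -- Flag values the varchar(8000) conversion may truncate.
        N'CASE WHEN DATALENGTH(' + QUOTENAME(@C) + N') > 8000 ' +
        N'THEN ''REVIEW: over 8000 bytes'' ELSE '''' END AS note, ' +
        N'CONVERT(varchar(8000), ' + QUOTENAME(@C) + N') AS current_value, ' +
        -- Same expression as the recovery script: cut at the last <script.
        N'LEFT(CONVERT(varchar(8000), ' + QUOTENAME(@C) + N'), ' +
        N'LEN(CONVERT(varchar(8000), ' + QUOTENAME(@C) + N')) - 6 - ' +
        N'PATINDEX(''%tpircs<%'', REVERSE(CONVERT(varchar(8000), ' +
        QUOTENAME(@C) + N')))) AS value_after_recovery ' +
        N'FROM ' + QUOTENAME(@T) +
        N' WHERE ' + QUOTENAME(@C) + N' LIKE ''%<script%</script>'';';
    -- Table and column names are passed as parameters for the report columns.
    EXEC sp_executesql @Sql, N'@tbl sysname, @col sysname',
         @tbl = @T, @col = @C;
    FETCH NEXT FROM Preview_Cursor INTO @T, @C;
END;
CLOSE Preview_Cursor;
DEALLOCATE Preview_Cursor;
```

The trimming expression cuts at the last <script only, so a value with the tag appended several times still matches after one pass; repeat the recovery until the detection script returns no rows.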

Posted in SQL Server | Comments (4)