|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 85
Members: 0
Total: 85
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Sql Injection : Data Appended automatically |
|
Posted: Mon Jun 10, 2013 10:19 am |
|
|
gunjan |
Beginner |
|
|
Joined: Jun 10, 2013 |
Posts: 1 |
|
|
|
|
|
|
|
I have website as ASP.net as Front end and SQL Server 2005 as Back end.
But I am facing a very strange SQL injection on my back end.
Some type of CSS with HTML with spamming site is appending their code to my website database with each table and with each varchar type columns.
For e.g.
</title><style>.acoi{position:absolute;clip:rect(439px,auto,auto,439px);}</style><div class=acoi>Apply here <a href=http://gogopaydayloans.com>payday loans</a></div>
I tried all these things.
I have checked there are no query string parameters are open.
All queries are parameterized in whole website.
My IIS Server log not specifying that which page open for this.
How should I sort out this issue? |
|
|
|
|
|
www.waraxe.us Forum Index -> Sql injection
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|