It seems that your site has been hacked.
if it is possible replace all the inline SQL with stored procedure, it will reduce the sql injection.
If it couldnt be replaced, then try examine the SQL inline on your website.
You can perform an update and replace the whole injection word by performing a while loop or fetch loop on your table.
See below example on how to perform a loop and update the record.
Use htmlEncode to output data from your database to prevent browsers to execute de code. Filter data coming from your inputs to prevent users to inject scripts into your database. Working with stored procedures and parametrized querys are good, but it will
not prevent users to insert javacritps with normal data. Validate all inputs, remove all invalid characters before send information to your database.
Saman005
0 Points
3 Posts
Please Help Me ! there is a Script on my database's Tables
Aug 04, 2012 05:42 AM|LINK
Hi guys
There is a problem in my database. in all tables and columns this :
"></title><script src="http://lasimp04risoned.rr.n
or
"></title><script src="http://lasim
has been added and all of my informations has been removed [the above code has been replaced instead of columns values] !
I'm using sql 2000 and asp.net 2.0.
is somebody here help me ?!
thanks
web_web
Member
64 Points
14 Posts
Re: Please Help Me ! there is a Script on my database's Tables
Aug 05, 2012 03:40 AM|LINK
It seems that your site has been hacked.
if it is possible replace all the inline SQL with stored procedure, it will reduce the sql injection.
If it couldnt be replaced, then try examine the SQL inline on your website.
You can perform an update and replace the whole injection word by performing a while loop or fetch loop on your table.
See below example on how to perform a loop and update the record.
http://www.webkeet.com/webtutorials/tabid/78/id/45/how-to-perform-a-for-loop-and-do-an-update-in-sql-server.aspx
vitor.salgad...
Member
48 Points
10 Posts
Re: Please Help Me ! there is a Script on my database's Tables
Aug 06, 2012 01:49 PM|LINK
Hi,
Use htmlEncode to output data from your database to prevent browsers to execute de code. Filter data coming from your inputs to prevent users to inject scripts into your database. Working with stored procedures and parametrized querys are good, but it will not prevent users to insert javacritps with normal data. Validate all inputs, remove all invalid characters before send information to your database.
Saman005
0 Points
3 Posts
Re: Please Help Me ! there is a Script on my database's Tables
Aug 06, 2012 04:39 PM|LINK
Thanks for your guides and help
I found something about that two script in "hacking news" .
Saman005
0 Points
3 Posts
Re: Please Help Me ! there is a Script on my database's Tables
Aug 06, 2012 04:42 PM|LINK
Thanks, it is second time this scripts run on my sites.
first time i used update / replace and solve problem but this time it's remove all think and update/ replace don't work any more.
by the way, thank you very much.
DnshPly9
Member
278 Points
84 Posts
Re: Please Help Me ! there is a Script on my database's Tables
Aug 09, 2012 09:01 AM|LINK
Hi,
It looks like your database has been hacked.
Follow the advices shared in the previous post to stop sql injection in your website.
Also since the scripts ran second time, try chaning the database password and see if it works.
I can only hope it work for you ASAP.
DnshPly9
India Habitat Center, New Delhi
dinesh2424@gmail.com
Please Mark as Answer to the Post that Guides You to Answer. It will help others easily get Answer.