Last post Aug 09, 2012 05:01 AM by DnshPly9
Aug 04, 2012 01:42 AM|Saman005|LINK
There is a problem in my database. in all tables and columns this :
has been added and all of my informations has been removed [the above code has been replaced instead of columns values] !
I'm using sql 2000 and asp.net 2.0.
is somebody here help me ?!
Aug 04, 2012 11:40 PM|web_web|LINK
It seems that your site has been hacked.
if it is possible replace all the inline SQL with stored procedure, it will reduce the sql injection.
If it couldnt be replaced, then try examine the SQL inline on your website.
You can perform an update and replace the whole injection word by performing a while loop or fetch loop on your table.
See below example on how to perform a loop and update the record.
Aug 06, 2012 09:49 AM|vitor.salgado|LINK
Use htmlEncode to output data from your database to prevent browsers to execute de code. Filter data coming from your inputs to prevent users to inject scripts into your database. Working with stored procedures and parametrized querys are good, but it will
not prevent users to insert javacritps with normal data. Validate all inputs, remove all invalid characters before send information to your database.
Aug 06, 2012 12:39 PM|Saman005|LINK
Thanks for your guides and help
I found something about that two script in "hacking news" .
Aug 06, 2012 12:42 PM|Saman005|LINK
Thanks, it is second time this scripts run on my sites.
first time i used update / replace and solve problem but this time it's remove all think and update/ replace don't work any more.
by the way, thank you very much.
Aug 09, 2012 05:01 AM|DnshPly9|LINK
It looks like your database has been hacked.
Follow the advices shared in the previous post to stop sql injection in your website.
Also since the scripts ran second time, try chaning the database password and see if it works.
I can only hope it work for you ASAP.