Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Krishna_Sridharan
Starting Member
3 Posts |
 Posted - 2008-10-14 : 04:01:52
|
| Hi all .. My hosted asp.net website got a strange problem which is using SQL server as backend.The database get modified automaticlly by merging some unwanted data into all the tables what i'm using. I'm suspecting that this is because of the website is not prone to SQL injection attack.For time being i wrote update query to replace the unwanted data to empty value. But after some days, the same unwanted data is merging again with the actual data of all the tables. Please help me to get rid of this problem.If any free tools available on net to check the SQL injection attack, Plz help me to get the URL. |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-10-14 : 04:06:48
|
| Try running profiler to see what are queries running on db expecially update ones. ALso look into sql code to spot out places where sql injection is possible like places where dynamic sql is used. Make sure you add sufficient checks at those places to avoid injection attacks. |
 |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2008-10-14 : 04:09:20
|
| see this toohttp://www.owasp.org/index.php/Guide_to_SQL_Injection |
|
|
|
|
|
|
SQL injection Avoidance