Microsoft issues advice on SQL injection attacks

Microsoft is alerting customers to several tools that could bolster Web application development in the wake of a rising number of SQL injection attacks targeting faulty code in websites.

This includes the uc8010 attack, which was launched around 28 December 2007 (see here and here for the lowdown on uc8010).

For the record, the attack is about poor programming (or lazy programming at any rate), and Microsoft are keen to point out that:

Is this a security vulnerability that requires Microsoft to issue a security update?
No. Any Web application code that has followed generally accepted best practices for security is significantly less susceptible to the SQL injection attack. Although this is not a security vulnerability, this advisory was issued to provide additional warning and assistance for administrators with vulnerable sites.

Microsoft Security Advisory (954462) Rise in SQL Injection Attacks Exploiting Unverified User Data Input
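To make "generally accepted best practices" concrete, here is an added example of my own (not code from the advisory, Microsoft or hackademix.net) in Python with the built-in sqlite3 module. It runs the same lookup two ways: with the request value pasted into the SQL text, and with a bound parameter. The products table, its rows and the three inputs are constructed for the demo.

```python
import sqlite3

# Constructed sample table for the demo (not from the advisory).
SAMPLE_ROWS = [(1, "widget", "A fine widget"), (2, "gadget", "A handy gadget")]


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, descr TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def find_by_name_concat(conn, name):
    # The mistake the advisory is about: the request value becomes part of
    # the SQL text, so quotes inside it change the statement itself.
    sql = "SELECT id, name FROM products WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_by_name_param(conn, name):
    # Best practice: the value travels separately from the statement and is
    # only ever compared as data, whatever characters it contains.
    sql = "SELECT id, name FROM products WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def run_query(conn, fn, name):
    # Returns the rows, or a short marker when the statement fails to parse.
    try:
        return fn(conn, name)
    except sqlite3.Error:
        return "sql error"


def compare_queries():
    conn = setup_db()
    inputs = {
        "normal": "widget",
        "apostrophe": "O'Brien",       # legitimate data that breaks concatenation
        "tautology": "x' OR 'a'='a",   # constructed input that rewrites the WHERE clause
    }
    results = {}
    for label, value in inputs.items():
        results[label] = {
            "concat": run_query(conn, find_by_name_concat, value),
            "param": run_query(conn, find_by_name_param, value),
        }
    return results


if __name__ == "__main__":
    for label, outcome in compare_queries().items():
        print(f"{label:11} concat={outcome['concat']!r:40} param={outcome['param']!r}")
```

The concatenating version returns every row for the third input and throws a syntax error on a perfectly ordinary surname; the parameterized version returns exactly the matching row or nothing, because the driver never lets the value become part of the statement.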

For those of you who have been recently hit by an SQL injection attack here are some useful resources that I have found:

What to do if you do not have a backed-up copy of your database from before the SQL injection attack

hackademix.net has code which *may* reverse the SQL injection attack

This is the crucial piece of code which could save your bacon:

-- Excerpt only: @T (table name) and @C (column name) are supplied by the
-- surrounding loop in the full hackademix.net script, one table/column
-- pair at a time.
-- patindex(''%tpircs<%'', reverse(...)) finds the LAST '<script' in the
-- value (the pattern is '<script' spelled backwards), and
-- left(..., len - 6 - pos) keeps everything in front of it, so one pass
-- removes one trailing <script ...></script> block; rows hit more than
-- once need another pass. convert(varchar(8000)) truncates text/ntext
-- values longer than 8000 characters, and the truncated value is what
-- gets written back.
EXEC(
    '
    update ['+@T+'] set ['+@C+'] = left(
        convert(varchar(8000), ['+@C+']),
        len(convert(varchar(8000), ['+@C+'])) - 6 -
        patindex(''%tpircs<%'',
            reverse(convert(varchar(8000), ['+@C+']))))
    where ['+@C+'] like ''%<script%</script>''
    '
);
More than likely you will have to modify it for your specific attack. Please check hackademix.net for full details.
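To see what that expression actually does before pointing it at a production database, here is an added example of my own (not the hackademix.net script) that re-implements the same strip-the-last-script-tag arithmetic in Python, registers it as a SQLite function, and runs the same UPDATE ... WHERE ... LIKE over a constructed table until a pass changes no rows. The table name, column name, rows and the example.invalid script URL are all made up for the demo.

```python
import sqlite3

# Constructed placeholder for the injected tag; the real attack used a
# different script URL which is deliberately not reproduced here.
INJECTED = '<script src="http://example.invalid/x.js"></script>'

# Constructed rows: hit once, hit twice, untouched, and a tag that is not at the end.
SAMPLE_ROWS = [
    ("Hello world" + INJECTED,),
    ("Hit twice" + INJECTED + INJECTED,),
    ("clean text",),
    ("<script>var a=1;</script> tag not at the end",),
]


def strip_trailing_script(value):
    # Same arithmetic as the T-SQL: patindex('%tpircs<%', reverse(v)) is the
    # 1-based position of the LAST '<script' seen from the end, and
    # left(v, len(v) - 6 - pos) keeps everything in front of that '<'.
    if value is None:
        return None
    pos = value[::-1].find("tpircs<") + 1   # 0 means not found, like patindex
    if pos == 0:
        return value
    return value[: len(value) - 6 - pos]


def clean_column(conn, table, column):
    # Table and column names come from the administrator (as @T/@C do in the
    # original), never from a request, so building the statement text is fine.
    conn.create_function("strip_trailing_script", 1, strip_trailing_script)
    passes = 0
    while True:
        cur = conn.execute(
            f"UPDATE [{table}] SET [{column}] = strip_trailing_script([{column}]) "
            f"WHERE [{column}] LIKE '%<script%</script>'"
        )
        conn.commit()
        passes += 1
        if cur.rowcount == 0:      # nothing left that ends in an injected tag
            return passes


def run_cleanup():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (body TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?)", SAMPLE_ROWS)
    passes = clean_column(conn, "posts", "body")
    bodies = [row[0] for row in conn.execute("SELECT body FROM posts ORDER BY rowid")]
    return passes, bodies


if __name__ == "__main__":
    passes, bodies = run_cleanup()
    print(f"{passes} passes (the last one changed nothing)")
    for body in bodies:
        print(repr(body))
```

Two things worth noticing: the row that was injected twice still ends in </script> after the first pass and only comes clean on the second, so keep re-running the UPDATE until it reports 0 rows affected; and a tag that is not at the very end of the value is left alone, because the WHERE clause only matches values ending in </script>. On SQL Server, remember that len() ignores trailing spaces and that LIKE is case-sensitive or not depending on the column collation, whereas SQLite's LIKE is case-insensitive for ASCII.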
