At work I have encountered a SQL injection that injects JavaScript into the database, which causes the website to download the JavaScript.
For more information, take a look at SQL Injection: More of the same (http://isc.sans.org/diary.html?storyid=4565).
I have tightened the security by disabling selecting from sysobjects for public, which will mitigate the risk.
To reverse the changes, I used this SQL:
-- Truncate every text-type column of every user table at the first injected <script tag.
DECLARE @T varchar(255)
DECLARE @C1 varchar(255)
DECLARE @SQL varchar(2000)
DECLARE Table_Cursor CURSOR FOR
    SELECT a.name, b.name
    FROM sysobjects a, syscolumns b
    WHERE a.id = b.id AND a.xtype = 'u' AND
        -- ntext (99), text (35), nvarchar (231), varchar (167)
        (b.xtype = 99 OR b.xtype = 35 OR b.xtype = 231 OR b.xtype = 167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T, @C1
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- Build the statement once so that the printed text is exactly what is executed.
    -- The search string is '<script' with no space, and names are bracketed
    -- so that tables or columns with spaces or reserved words still work.
    SET @SQL = 'update [' + @T + '] set [' + @C1 + '] = substring([' + @C1 + '], 1, CHARINDEX(''<script'', [' + @C1 + ']) - 1) where charindex(''<script'', [' + @C1 + ']) > 0'
    PRINT @SQL
    EXEC (@SQL)
    FETCH NEXT FROM Table_Cursor INTO @T, @C1
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
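
A read-only pass over the same columns shows which ones the cleanup above would touch and how many rows in each, so the result can be reviewed (and a backup taken) before any data is changed. This is an added example, not part of the original post; the temp table #Hits, the cursor name Audit_Cursor and the use of PATINDEX are choices made here, and it assumes the injected text starts with the literal <script.

```sql
-- Added example: read-only audit, changes no user data.
-- Assumption: the injected payload starts with the literal '<script'.
-- Assumption: tables resolve without a schema prefix, as in the cleanup script.
SET NOCOUNT ON;

DECLARE @T sysname, @C sysname, @SQL nvarchar(2000);

-- One row per (table, column) so the result is a single sortable report.
CREATE TABLE #Hits (TableName sysname, ColumnName sysname, RowsAffected int);

DECLARE Audit_Cursor CURSOR FOR
    SELECT a.name, b.name
    FROM sysobjects a
    JOIN syscolumns b ON a.id = b.id
    WHERE a.xtype = 'u'
      AND b.xtype IN (99, 35, 231, 167);   -- ntext, text, nvarchar, varchar

OPEN Audit_Cursor;
FETCH NEXT FROM Audit_Cursor INTO @T, @C;
WHILE (@@FETCH_STATUS = 0)
BEGIN
    -- QUOTENAME(x, '''') emits the name as a string literal for the report;
    -- QUOTENAME(x) emits it as a bracketed identifier for the query itself.
    -- PATINDEX is used because it also accepts text and ntext columns.
    SET @SQL = N'INSERT INTO #Hits SELECT '
             + QUOTENAME(@T, '''') + N', ' + QUOTENAME(@C, '''')
             + N', COUNT(*) FROM ' + QUOTENAME(@T)
             + N' WHERE PATINDEX(''%<script%'', ' + QUOTENAME(@C) + N') > 0';
    EXEC (@SQL);
    FETCH NEXT FROM Audit_Cursor INTO @T, @C;
END
CLOSE Audit_Cursor;
DEALLOCATE Audit_Cursor;

-- Columns that contain the marker, worst first.
SELECT TableName, ColumnName, RowsAffected
FROM #Hits
WHERE RowsAffected > 0
ORDER BY RowsAffected DESC, TableName, ColumnName;

DROP TABLE #Hits;
```

Columns that legitimately store HTML will also appear in this report, so each hit should be checked before the truncating update is run against it.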