topr8 - 11:22 am on May 27, 2008 (gmt 0)
This is sweeping the internet right now.

I think robots are searching for ASP pages that use querystrings such as:

?prodid= or ?productid= or ?id= [and probably more]

It is then requesting those pages using a querystring such as:

?productID=10;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440045004 [+ hundreds more characters]

To combat this you need to clean your data before you query the database. E.g. if you are doing something like

select * from table where productid=" & request["productid"]

then you are in BIG trouble. You must first test request["productid"] to see that it is a value you expect it to be, perhaps an integer only, or a string but it won't be longer than 20 characters for instance. You should also use stored procedures as well.

Note that cleaning your db table fields is only temporary; unless you clean up the way you query the database it will just be reinfected.

Also, I'm not sure if this attack is targeted at forms as well, but it is certainly targeted at parameters passed in querystrings.

As an aside, most of these attacks seem to be coming from China, but not all of them.
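An added example (mine, not code from the post) of the two checks the post recommends, in Python with sqlite3 standing in for the ASP/SQL Server setup: test the productid for the integer you expect, bind it as a parameter instead of concatenating it into the SQL text, and flag request lines whose querystring carries the DECLARE/CAST shape quoted above. The request lines and the products table are constructed for the example.

```python
import re
import sqlite3
from urllib.parse import unquote_plus, urlsplit

# Constructed sample request paths (not real traffic); the second mimics the
# querystring shape quoted in the post, with a shortened hex literal.
SAMPLE_REQUESTS = [
    "/product.asp?productID=10",
    "/product.asp?productID=10;DECLARE%20@S%20NVARCHAR(4000);"
    "SET%20@S=CAST(0x4400450043%20AS%20NVARCHAR(4000))",
]

# T-SQL fragments that no product id should ever contain: a variable declaration
# and a CAST of a hex literal (the encoded statement the post describes).
PAYLOAD_MARKERS = re.compile(r"declare\s+@\w+|cast\s*\(\s*0x[0-9a-f]+", re.I)


def query_params(request_path):
    """Yield (name, value) pairs of the querystring, URL-decoded, split on '&' only."""
    for pair in urlsplit(request_path).query.split("&"):
        if pair:
            name, _, value = pair.partition("=")
            yield unquote_plus(name), unquote_plus(value)


def suspicious_params(request_path):
    """Names of querystring parameters whose value carries the payload markers."""
    return sorted(name for name, value in query_params(request_path)
                  if PAYLOAD_MARKERS.search(value))


def validate_product_id(raw, max_digits=9):
    """The post's rule: accept only the plain integer we expect; anything else is None."""
    if raw is None:
        return None
    raw = raw.strip()
    return int(raw) if re.fullmatch(r"\d{1,%d}" % max_digits, raw) else None


def lookup_product(conn, raw_product_id):
    """Validate first, then bind the value as a parameter rather than building the SQL string."""
    pid = validate_product_id(raw_product_id)
    if pid is None:
        raise ValueError("productid must be a plain integer")
    row = conn.execute("SELECT name FROM products WHERE productid = ?", (pid,)).fetchone()
    return row[0] if row else None


def demo_db():
    """In-memory stand-in for the products table (constructed data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (productid INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", [(10, "widget"), (11, "gadget")])
    return conn
```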