Comments on: Latest info on SQL injection attack. http://www.rumblepup.com/latest-info-on-sql-injection-attack/ I'm not a player, I just crush alot Wed, 28 Jul 2010 07:30:10 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: Hacked -- Help - DIY Themes Forums http://www.rumblepup.com/latest-info-on-sql-injection-attack/comment-page-1/#comment-41 Hacked -- Help - DIY Themes Forums Sun, 17 Aug 2008 04:23:37 +0000 http://www.rumblepup.com/?p=32#comment-41 [...] looks like a sql injection hack to me, which I've had some experience enduring Latest info on SQL injection attack. | rumblepup. I don't know if there is some vulnerability not seem in wordpress before, or if the databases for [...] [...] looks like a sql injection hack to me, which I’ve had some experience enduring Latest info on SQL injection attack. | rumblepup. I don’t know if there is some vulnerability not seem in wordpress before, or if the databases for [...]

]]> By: Rit Man http://www.rumblepup.com/latest-info-on-sql-injection-attack/comment-page-1/#comment-40 Rit Man Thu, 03 Jul 2008 15:45:38 +0000 http://www.rumblepup.com/?p=32#comment-40 We got attacked on a clients website, and the DECLARE statement had an @ symbol in it, and for some reason when I was parsing the input, that charactor made it seem like the variable was empty, so the parsing for the offending code was useless. I fixed the problem by parsing the length of the total input not just the individaul variable and we survived MANY MANY subsequent attacks. If your reading this, good luck with your battle! We got attacked on a clients website, and the DECLARE statement had an @ symbol in it, and for some reason when I was parsing the input, that charactor made it seem like the variable was empty, so the parsing for the offending code was useless.

I fixed the problem by parsing the length of the total input not just the individaul variable and we survived MANY MANY subsequent attacks. If your reading this, good luck with your battle!

]]> By: ADAC http://www.rumblepup.com/latest-info-on-sql-injection-attack/comment-page-1/#comment-39 ADAC Fri, 06 Jun 2008 17:01:10 +0000 http://www.rumblepup.com/?p=32#comment-39 "If the offending script does not appear, you’ll have clean code and timestamp as to when the last time your code was clean." Sounds like your saying that this hack can alter your code. I would think that it can only use weakly written code to alter your database. Thanks for the info, this is the first time this has happened to one of my site. Visual studio be default block SQL injection, you have to turn this off if you want to be able to pass html and scripts. I was caught on some old legacy asp code. “If the offending script does not appear, you’ll have clean code and timestamp as to when the last time your code was clean.”

Sounds like your saying that this hack can alter your code. I would think that it can only use weakly written code to alter your database.

Thanks for the info, this is the first time this has happened to one of my site. Visual studio be default block SQL injection, you have to turn this off if you want to be able to pass html and scripts.

I was caught on some old legacy asp code.

]]> By: The xiaobaishan bomb is now the flyzhu.9966 bomb. | rumblepup http://www.rumblepup.com/latest-info-on-sql-injection-attack/comment-page-1/#comment-38 The xiaobaishan bomb is now the flyzhu.9966 bomb. | rumblepup Fri, 06 Jun 2008 15:53:26 +0000 http://www.rumblepup.com/?p=32#comment-38 [...] I’ve got new info on this. It’s a pure sql injection [...] [...] I’ve got new info on this. It’s a pure sql injection [...]

]]>