Comments on: The xiaobaishan bomb is now the flyzhu.9966 bomb. http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/ I'm not a player, I just crush alot Wed, 28 Jul 2010 07:30:10 +0000 http://wordpress.org/?v=2.9.2 hourly 1 By: ADAC http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-37 ADAC Fri, 06 Jun 2008 16:52:49 +0000 http://www.rumblepup.com/?p=31#comment-37 He got to me through some old asp code. A login that had no validation. Could have been a lot worse, I lost a little data but for the most part he just appended my data. He got to me through some old asp code. A login that had no validation. Could have been a lot worse, I lost a little data but for the most part he just appended my data.

]]> By: rumblepup http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-36 rumblepup Fri, 06 Jun 2008 15:49:41 +0000 http://www.rumblepup.com/?p=31#comment-36 @Mark - Well, yes and no. There is a patch for the Windows Media File problem, that's part of regular updates. But if these types of vulnerabilities "might" be part of the problem, I for one want every update available. @Mark – Well, yes and no. There is a patch for the Windows Media File problem, that’s part of regular updates. But if these types of vulnerabilities “might” be part of the problem, I for one want every update available.

]]> By: mark http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-35 mark Fri, 06 Jun 2008 13:48:18 +0000 http://www.rumblepup.com/?p=31#comment-35 so there is no patch ... figured that ... so there is no patch … figured that …

]]> By: Russ http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-34 Russ Fri, 06 Jun 2008 12:56:48 +0000 http://www.rumblepup.com/?p=31#comment-34 I have a dedicated server which is up to date, which didn't make sense why I would be missing a patch. I found a blog from Microsoft stating that there was no problem which required patching. Upon further inspection, I found a page on my site that was susceptible to sql injection through the query string. With writing simple validation, I have been problem free for 24 hours. You can also try to look into SQL Triggers to help with this issue: http://www.sqlteam.com/article/an-introduction-to-triggers-part-i I have a dedicated server which is up to date, which didn’t make sense why I would be missing a patch. I found a blog from Microsoft stating that there was no problem which required patching.

Upon further inspection, I found a page on my site that was susceptible to sql injection through the query string. With writing simple validation, I have been problem free for 24 hours. You can also try to look into SQL Triggers to help with this issue:
http://www.sqlteam.com/article/an-introduction-to-triggers-part-i

]]> By: rumblepup http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-33 rumblepup Fri, 06 Jun 2008 01:06:32 +0000 http://www.rumblepup.com/?p=31#comment-33 @Mark - They are part of the regular Windows Updates you server should be running. @GFN - If your talking about your database, your too late, your going to have to recover the data and do some serious patching. @Russ - See Mark @Krystal - See Mark I did find some useful stuff. I'll post a link up with the update. @Mark – They are part of the regular Windows Updates you server should be running.

@GFN – If your talking about your database, your too late, your going to have to recover the data and do some serious patching.

@Russ – See Mark

@Krystal – See Mark

I did find some useful stuff. I’ll post a link up with the update.

]]> By: Krystal http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-32 Krystal Thu, 05 Jun 2008 17:27:53 +0000 http://www.rumblepup.com/?p=31#comment-32 Can you post a link to this patch? One of our sites was affected by this and I did a search but cant seem to find the patch. We have automatic updates turned on but still got hacked. Thanks! Can you post a link to this patch? One of our sites was affected by this and I did a search but cant seem to find the patch. We have automatic updates turned on but still got hacked. Thanks!

]]> By: Russ http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-31 Russ Thu, 05 Jun 2008 12:46:59 +0000 http://www.rumblepup.com/?p=31#comment-31 Would you happen to have more details on tha patch from Microsoft? I can't seem to find it. Thanks. Would you happen to have more details on tha patch from Microsoft? I can’t seem to find it. Thanks.

]]> By: GFN http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-30 GFN Thu, 05 Jun 2008 05:47:52 +0000 http://www.rumblepup.com/?p=31#comment-30 Does anyone know how to fix this? I have installed everything from Windows Update but it didint help. Update was done obviously too late :( Does anyone know how to fix this? I have installed everything from Windows Update but it didint help. Update was done obviously too late :(

]]> By: Mark http://www.rumblepup.com/the-xiaobaishan-bomb-is-now-the-flyzhu-bomb/comment-page-1/#comment-29 Mark Wed, 04 Jun 2008 20:24:57 +0000 http://www.rumblepup.com/?p=31#comment-29 You know which patch ? You know which patch ?

]]>