07.10.08

SQL Injection Finder Tool
By Dan Morrill

This handy, newly updated tool from CodePlex helps parse your IIS logs for the command sequences that indicate someone is attempting a SQL injection attack against your IIS servers. It looks at the ASP pages targeted by the ongoing SQL injection attacks and tells you whether your system has been probed or scanned by any of the tools used to launch them. The idea is to search for the key string "CAST" followed by the usual suspect command sequence, as in the log entry below (part of the hex-encoded payload is elided):

ID=UT-47-TP-M17;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440(Deleted String)6F007200%20AS%20NVARCHAR(4000));EXEC(@S);--|0|80020009|Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.

The DECLARE / SET / CAST(0x...) / EXEC(@S) sequence is the signature of these attacks: the real SQL is hidden inside the hex literal and is only unpacked by CAST at run time, so a log search has to look for that wrapper rather than for the SQL itself. The trailing fields in this entry are the ADO error (0x80020009, "Either BOF or EOF is True...") the page raised while serving the request, a secondary sign that the injected string reached the database query.

In all, this handy tool can at least help parse those gigabyte-sized logs to see whether you have been scanned and which pages are being hit. That can focus local resources on working out which pages are vulnerable, or suspected vulnerable, so repairs can be made. Keep in mind that a match shows a page was probed, not that the injection succeeded; the pages that build SQL from query-string values are the ones to fix, ideally by moving them to parameterized queries.

About the Author: Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.
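As an added example for this page (not the CodePlex tool the article describes, whose source is not shown here), the following Python script applies the same idea to a W3C-format IIS log: it reads the column layout from the #Fields header, percent-decodes each query string, matches the CAST(0x... AS NVARCHAR/VARCHAR(n)) wrapper case-insensitively, decodes the hex literal back into the T-SQL that EXEC(@S) would have run, and counts hits per page. It goes a little beyond the article's plain "Cast" string match by also handling VARCHAR (single-byte) variants, mixed case and double percent-encoding. The log lines, IP addresses and page names are constructed for the illustration, and the names SAMPLE_LOG, parse_w3c, find_probes and pages_hit are the example's own, not the tool's.

```python
"""Scan W3C-format IIS logs for CAST()/EXEC() SQL injection probes.

Added illustration written for this page, not the CodePlex tool the article
describes. The log lines, addresses and page names below are constructed.
"""
import re
import urllib.parse
from collections import Counter

# Constructed sample log in the W3C extended format IIS 6 writes. Field order is
# taken from the #Fields header rather than hard-coded, because it varies per server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status
2008-07-10 03:12:44 10.0.0.5 GET /products.asp id=17 80 198.51.100.7 200
2008-07-10 03:12:45 10.0.0.5 GET /products.asp id=17;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x530045004C0045004300540020003100%20AS%20NVARCHAR(4000));EXEC(@S);-- 80 198.51.100.7 500
2008-07-10 03:12:46 10.0.0.5 GET /news.asp id=3;dEcLaRe%20@s%20varchar(4000);set%20@s=cAsT(0x53454C4543542031%20as%20varchar(4000));exec(@s);-- 80 198.51.100.7 200
2008-07-10 03:13:01 10.0.0.5 GET /about.asp - 80 203.0.113.9 200
2008-07-10 03:13:05 10.0.0.5 GET /news.asp id=3%3bDECLARE%20%40S%20NVARCHAR%284000%29%3bSET%20%40S%3dCAST%280x530045004C0045004300540020003100%20AS%20NVARCHAR%284000%29%29%3bEXEC%28%40S%29%3b-- 80 198.51.100.7 500
"""

# CAST(0x... AS [N][VAR]CHAR(n)): group 1 is the hex payload, group 2 is "N" when the
# target type is Unicode, which decides how the bytes are decoded below.
CAST_RE = re.compile(
    r"cast\s*\(\s*0x([0-9a-f]+)\s+as\s+(n?)(?:var)?char\s*\(\s*\d+\s*\)\s*\)",
    re.IGNORECASE,
)
# EXEC(@var) is the second half of the pattern; matched on its own so a probe that
# mangles the CAST still gets flagged.
EXEC_RE = re.compile(r"\bexec\s*\(\s*@\w+\s*\)", re.IGNORECASE)


def parse_w3c(source):
    """Yield one dict per request, keyed by the column names in the #Fields header.

    source may be a string (split into lines here) or any iterable of lines, such
    as an open file, so large logs need not be read into memory at once.
    """
    lines = source.splitlines() if isinstance(source, str) else source
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        if fields is None:
            raise ValueError("log data appears before a #Fields header")
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # malformed line; a real scanner would count and report these
        yield dict(zip(fields, parts))


def decode_payload(hexdigits, unicode_target):
    """Turn the 0x... literal into the T-SQL text EXEC(@S) would have run."""
    if len(hexdigits) % 2:
        hexdigits = "0" + hexdigits  # SQL Server reads 0x123 as 0x0123
    data = bytes.fromhex(hexdigits)
    # NVARCHAR is UTF-16LE on SQL Server; VARCHAR is a single-byte code page.
    return data.decode("utf-16-le" if unicode_target else "latin-1", errors="replace")


def find_probes(source):
    """Return one record per request whose query string carries the injection pattern."""
    hits = []
    for rec in parse_w3c(source):
        raw = rec.get("cs-uri-query", "-")
        if raw == "-":
            continue
        # Decode percent-encoding twice so %43%41%53%54, %2543... and plain CAST all
        # compare equal; IIS logs the query string exactly as the client sent it.
        query = urllib.parse.unquote(urllib.parse.unquote(raw))
        cast = CAST_RE.search(query)
        if not cast and not EXEC_RE.search(query):
            continue
        hits.append({
            "page": rec.get("cs-uri-stem"),
            "client": rec.get("c-ip"),
            "status": rec.get("sc-status"),
            "indicator": "cast" if cast else "exec",
            "payload": decode_payload(cast.group(1), bool(cast.group(2))) if cast else None,
        })
    return hits


def pages_hit(hits):
    """Count probes per target page, which is what the article suggests triaging on."""
    return Counter(hit["page"] for hit in hits)


if __name__ == "__main__":
    found = find_probes(SAMPLE_LOG)
    for hit in found:
        print(f"{hit['client']} -> {hit['page']} [{hit['status']}] "
              f"via {hit['indicator']}: {hit['payload']!r}")
    print("pages hit:", dict(pages_hit(found)))
```

To run it against a real log, pass an open file handle to find_probes instead of a string; parse_w3c only needs an iterable of lines, so a multi-gigabyte log is streamed rather than loaded. A 500 beside a hit usually means the page's query errored, as in the article's log entry; a 200 on a page that copies query-string values into SQL is the case that deserves the closer look, since the absence of an error does not mean the payload was rejected.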
SQLProNews is an iEntry, Inc. publication -- iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509. 2008 iEntry, Inc. All Rights Reserved.