SQLProNews This is an iEntry Publication
SQL Injection Finder Tool

By Dan Morrill
Expert Author
Article Date: 2008-07-10

This handy, newly updated tool from CodePlex can help parse your IIS logs, looking for the standard command sequences that indicate someone is attempting an SQL injection attack against your IIS servers.

This tool looks at the ASP pages targeted by the ongoing SQL injection attacks and tells you whether your system has been probed or scanned by any of the tools used to carry them out. The idea is to search for the key string "Cast" followed by the usual suspect command sequences, as in the log entry shown below.

ID=UT-47-TP-M17;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440(Deleted String) 6F007200%20AS%20NVARCHAR(4000));EXEC(@S);--|0|80020009|
Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.

All in all, this handy tool can at least help parse those gigabyte-sized logs and show whether you have been scanned and which pages are being hit. That helps focus local resources on working out which pages are vulnerable, or suspected to be, so that repairs can be made.
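The same triage the article describes, written here as an added Python example rather than the CodePlex tool's own code: it parses W3C-format IIS log lines, URL-decodes the query string, flags entries that carry the DECLARE / CAST(0x... AS NVARCHAR) / EXEC(@var) sequence, decodes the hex literal so an analyst can see what was injected, and tallies hits per page and per source address. The log lines, IP addresses and hex payload are constructed for the example; the field names are the standard IIS W3C ones.

```python
import re
from collections import Counter
from urllib.parse import unquote

# The three pieces of the attack signature the article describes, matched on the
# URL-decoded query string. All three must be present to reduce false positives
# on pages that legitimately pass the word "cast" or "exec" in a parameter.
DECLARE_VAR = re.compile(r"DECLARE\s+@\w+\s+N?VARCHAR", re.I)
CAST_HEX = re.compile(r"CAST\s*\(\s*0X([0-9A-F]+)\s+AS\s+N?VARCHAR", re.I)
EXEC_VAR = re.compile(r"EXEC\s*\(\s*@\w+\s*\)", re.I)


def parse_w3c(lines):
    """Yield one dict per request line, keyed by the names in the #Fields header."""
    fields = None
    for line in lines:
        line = line.rstrip("\r\n")
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or fields is None:
            continue  # other directives, or data before any #Fields header
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # malformed line; skip rather than mis-assign columns
        yield dict(zip(fields, values))


def decode_query(query):
    """IIS logs an absent query as '-'; decode twice to catch double percent-encoding."""
    if query == "-":
        return ""
    return unquote(unquote(query))


def classify(query):
    """Return (is_injection, decoded_payload). The payload is the UTF-16LE text
    hidden in the CAST(0x...) literal, which is what the attacker actually ran."""
    decoded = decode_query(query)
    cast = CAST_HEX.search(decoded)
    if not (cast and DECLARE_VAR.search(decoded) and EXEC_VAR.search(decoded)):
        return False, None
    try:
        payload = bytes.fromhex(cast.group(1)).decode("utf-16-le", errors="replace")
    except ValueError:
        payload = None  # odd-length or non-hex literal; still flag the request
    return True, payload


def scan_log(lines):
    """Summarise which pages were hit, from where, and what was injected."""
    pages, sources, payloads = Counter(), Counter(), set()
    for rec in parse_w3c(lines):
        flagged, payload = classify(rec.get("cs-uri-query", "-"))
        if flagged:
            pages[rec["cs-uri-stem"]] += 1
            sources[rec["c-ip"]] += 1
            if payload:
                payloads.add(payload)
    return {"pages": dict(pages), "sources": dict(sources), "payloads": sorted(payloads)}


# Constructed sample log. The hex literal decodes to the harmless "SELECT 1".
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 6.0
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2008-07-10 00:01:02 10.0.0.5 GET /products.asp id=42 80 - 192.0.2.10 Mozilla/4.0 200 0 0
2008-07-10 00:01:05 10.0.0.5 GET /products.asp id=42;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x530045004C0045004300540020003100%20AS%20NVARCHAR(4000));EXEC(@S);-- 80 - 198.51.100.7 Mozilla/4.0 500 0 0
2008-07-10 00:01:09 10.0.0.5 GET /news.asp id=7;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x530045004C0045004300540020003100%20AS%20NVARCHAR(4000));EXEC(@S);-- 80 - 198.51.100.7 Mozilla/4.0 500 0 0
2008-07-10 00:02:00 10.0.0.5 GET /about.asp - 80 - 192.0.2.11 Mozilla/4.0 200 0 0
"""

if __name__ == "__main__":
    report = scan_log(SAMPLE_LOG.splitlines())
    for page, count in sorted(report["pages"].items(), key=lambda kv: -kv[1]):
        print(f"{count:5d}  {page}")
    print("sources :", report["sources"])
    print("payloads:", report["payloads"])
```

For a real log, pass `open(path, encoding="utf-8", errors="replace")` in place of `SAMPLE_LOG.splitlines()`; the generator parses line by line, so a multi-gigabyte file is not loaded into memory. The 500 status on the flagged lines is worth correlating with the page list: a 500 on a probed page often means the injected statement reached the database, whereas a 200 on a page that ignores its query string usually means the probe bounced off.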

About the Author:
Dan Morrill has been in the information security field for 18 years, both civilian and military, and is currently working on his Doctor of Management. Dan shares his insights on the important security issues of today through his blog, Managing Intellectual Property & IT Security, and is an active participant in the ITtoolbox blogging community.

SQLProNews is an iEntry, Inc. ® publication - 1998-2009 All Rights Reserved Privacy Policy and Legal