SQLProNews This is an iEntry Publication









SQL Injection Finder Tool

By Dan Morrill
Expert Author
Article Date: 2008-07-10

This handy, newly updated tool from CodePlex can help parse your IIS logs, looking for the standard command sequences that indicate someone is attempting a SQL injection attack against your IIS servers.

This tool looks at the ASP pages targeted by the ongoing SQL injection attacks and lets you know if your system has been probed or scanned by any of the tools used to carry them out. The idea is to search on the key string "Cast" followed by the usual suspect command sequences, as shown below.

ID=UT-47-TP-M17;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x440(Deleted String) 6F007200%20AS%20NVARCHAR(4000));EXEC(@S);--|0|80020009|
Either_BOF_or_EOF_is_True__or_the_current_record_has_been_deleted._Requested_operation_requires_a_current_record.

In all, this handy tool can at least help parse those gigabyte-size logs and show whether you have been scanned and which pages are being hit. This can help focus local resources on working out which pages are vulnerable, or suspected vulnerable, allowing for repairs to be made.
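
An added example, not the CodePlex tool's code or the author's: a minimal Python version of the log check described above, tallying hits per page and per client. It assumes W3C-format IIS logs with a #Fields header; the sample log lines, addresses and shortened hex values are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Sequence from the article: DECLARE @x (N)VARCHAR ... CAST(0x<hex> ... EXEC(
SIGNATURE = re.compile(
    r"declare\s+@\w+\s+n?varchar.*?cast\s*\(\s*0x[0-9a-f]+.*?exec\s*\(",
    re.IGNORECASE | re.DOTALL,
)

def scan_iis_log(lines):
    """Return (hits per page, hits per client IP) for W3C-format IIS log lines."""
    fields, pages, clients = [], Counter(), Counter()
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        # Decode twice to catch double-encoded probes (%2520 -> %20 -> space),
        # and treat '+' as a space as well.
        query = unquote(unquote(row.get("cs-uri-query", ""))).replace("+", " ")
        if SIGNATURE.search(query):
            pages[row.get("cs-uri-stem", "?")] += 1
            clients[row.get("c-ip", "?")] += 1
    return pages, clients

# Constructed sample log: documentation-range addresses, shortened hex values.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-07-09 10:01:02 192.0.2.10 GET /products.asp ID=12 200
2008-07-09 10:01:07 198.51.100.7 GET /products.asp ID=12;DECLARE%20@S%20NVARCHAR(4000);SET%20@S=CAST(0x4400450043%20AS%20NVARCHAR(4000));EXEC(@S);-- 500
2008-07-09 10:02:11 198.51.100.7 GET /news.asp id=3;declare%2520@s%2520varchar(8000);set%2520@s=cast(0x4445%2520as%2520varchar(8000));exec(@s);-- 200
2008-07-09 10:03:00 192.0.2.10 GET /search.asp q=cast+iron+pans 200
""".splitlines()

if __name__ == "__main__":
    pages, clients = scan_iis_log(SAMPLE_LOG)
    for page, n in pages.most_common():
        print(f"{n:5d}  {page}")
    for ip, n in clients.most_common():
        print(f"{n:5d}  {ip}")
```

Matching the whole DECLARE/CAST/EXEC sequence rather than the word "cast" alone keeps ordinary queries such as the /search.asp line out of the results.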



About the Author:
Dan Morrill runs Techwag, a site all about his views on social media, education, technology, and some of the more interesting things that happen on the internet. He works at CityU of Seattle as the Program Director for the Computer Science, Information Systems and Information Security educational programs.



