SQL Injection By Query String

I had read more about SQL Injection, but I have not faced it. Recently, I am working on this project. This is not a new project. This project  is half completed by other developer. Some day ago, when I have checked the live site, any page of this website is not working properly. So I have checked the Live website’s data. I have seen that all the records of this database is append by some html tags. So any page of this website can not opened.

First I have think somebody had credential of  SQL database and he had run sql script to append all the records. So, I had changed the credential of SQL and repair all the data. But After two day I have faced this problem again. So I had start to investigate about this problem with team. First we are trying to find URL which can arise this problem. But how can we find the url because there is no any tracking functionality in the current system. So we had googled it, but we didn’t find any solution. Then one of my project manager (Haresh Patel) tell me that IIS is tracking all the URLs and IP Address. So we had checked the log file of IIS for this website. And we had found one url which contains binary code in url. In this URL query string contains binary code and this query string made SQL Injection. So, first we have block this IP Address and correct the code. Main problem in this system was old developer had used inline query in some places and he had not check query string parameter and append to inline query. Now I had recoded for protect system from this attack and I had used SPs at all the places Thanks to my project managers (Jagdish Patal and Haresh Patel) for solving this problem.


About Amit Prajapati

I am computer Engg. and I am freelancer. I am working on .net technology and I can developed both web as well as window applications. View all posts by Amit Prajapati

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: