[thelist] Website Hacked?
anthony at baratta.com
Sat May 24 17:46:14 CDT 2008
Joel D Canfield wrote:
> I'm not sure what's happening to my own db at Crystal Tech, but two
> weeks ago an entire table had a script string dumped into every text
> field. They said "we'll just restore it" without much comment on how it
> happened (they were, in fact, just slightly evasive, which concerned me)
> and now it's happened again. Last time I didn't push for their
> explanation re: whether it was them or me; this time, I'll have to. (The
> only forms I use for the table in question are in a password-secured
> area, not available to anyone but me, so I'm baffled.)
It's not a form hijack issue, it's anytime you use a querystring to pass
data to an SQL state - even a SELECT!
See my previous 3:40p post for more info.
Check your data types (strong typing is critical) before passing on or
building your SQL!!!
"Victory at all costs, victory in spite
of all terror, victory however long and
hard the road may be; for without victory
there is no survival."
-- Winston Churchill
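
An added illustration of the type check recommended above (not code from the original post): a querystring `id` is accepted only if it is a plain integer, and is then bound as a parameter instead of being concatenated into the SELECT. Python with an in-memory SQLite table is an assumption; the table, column and function names are constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# ASCII digits only, bounded length (int() alone would also accept
# whitespace, signs, underscores and non-ASCII digits).
_INT_RE = re.compile(r"[0-9]{1,9}")


def int_param(query_string, name):
    """Return the named querystring value as an int, or raise ValueError."""
    values = parse_qs(query_string, keep_blank_values=True).get(name, [])
    if len(values) != 1:
        raise ValueError(f"{name}: expected exactly one value")
    if not _INT_RE.fullmatch(values[0]):
        raise ValueError(f"{name}: not an integer")
    return int(values[0])


def fetch_article(conn, query_string):
    """SELECT driven by a querystring id: type-checked, then bound."""
    article_id = int_param(query_string, "id")
    row = conn.execute(
        "SELECT title FROM articles WHERE id = ?", (article_id,)
    ).fetchone()
    return row[0] if row else None


def demo_db():
    """Constructed sample data (hypothetical 'articles' table)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany(
        "INSERT INTO articles VALUES (?, ?)", [(1, "Welcome"), (2, "Contact")]
    )
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # Constructed querystrings: one valid, three that fail the type check.
    for qs in ("id=2", "id=2%20OR%201=1", "id=2&id=3", "id="):
        try:
            print(qs, "->", fetch_article(conn, qs))
        except ValueError as exc:
            print(qs, "-> rejected:", exc)
```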