Wednesday, January 4, 2012

SQL Injection Happen? Nope!

Having pulled all those IIS logs has already paid off. Within minutes of being asked if we were vulnerable to a new SQL injection attack, I was able to quickly rediscover how to "grep" in Windows.

The quoted string is a subset of the attack:
    FINDSTR /S /N /I "73657420616e73695f7761726e696e6773206f66662044454" *.log
Within a minute, gigabytes of log files had been evaluated, and it was definitive that the attack had neither hit nor propagated on our servers.
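The FINDSTR one-liner above is a fixed-substring match. As an added example (not from the original post), the script below generalizes that check: it reads IIS W3C extended log lines using the #Fields header, URL-decodes each cs-uri-query, decodes any long hex run it finds, and flags only those whose decoded text contains SQL keywords, so a legitimate hex session token is not reported while a hex-packed statement is. The log lines are constructed for this example; the hex blob on the third request is the signature string quoted above, which decodes to "set ansi_warnings off DE" (its odd trailing nibble exercises the odd-length case). Field names, marker list and IP addresses are assumptions for the demo.

```python
"""Scan IIS W3C extended log lines for hex-encoded SQL in the query string."""
import re
from urllib.parse import unquote

# Constructed sample IIS W3C log excerpt (not taken from the original post).
# Request 2 carries a hex session token that must NOT be flagged; request 3
# carries the hex signature quoted in the post (49 hex digits, odd length).
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 7.5
#Version: 1.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-01-03 10:15:01 10.0.0.5 GET /products.aspx id=42 203.0.113.7 200
2012-01-03 10:15:02 10.0.0.5 GET /session.aspx token=9f86d081884c7d659a2feaa0c55ad015 203.0.113.8 200
2012-01-03 10:15:03 10.0.0.5 GET /products.aspx id=42%3B0x73657420616e73695f7761726e696e6773206f66662044454 198.51.100.9 500
"""

# A run of at least 16 hex digits, with or without a leading 0x prefix.
HEX_RUN = re.compile(r"(?:0x)?([0-9a-fA-F]{16,})")
# Assumed marker list: T-SQL fragments a hex-packed statement is likely to contain.
SQL_MARKERS = ("set ansi_warnings", "declare", "exec", "cast(", "select", "update", "insert")


def parse_w3c(text):
    """Yield (line_no, record dict) for each data line, keyed by the #Fields header."""
    fields = None
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#"):
            continue  # other directive lines (#Software, #Version, #Date)
        if fields is None:
            raise ValueError("data line before #Fields header at line %d" % line_no)
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed line: skip rather than misalign columns
        yield line_no, dict(zip(fields, values))


def decode_hex_run(hex_digits):
    """Decode a hex run to text; an odd trailing nibble is dropped, non-ASCII replaced."""
    if len(hex_digits) % 2:
        hex_digits = hex_digits[:-1]
    return bytes.fromhex(hex_digits).decode("ascii", errors="replace")


def find_hex_sql(record):
    """Return decoded hex blobs from cs-uri-query whose text contains SQL markers."""
    query = unquote(record.get("cs-uri-query", ""))
    hits = []
    for match in HEX_RUN.finditer(query):
        decoded = decode_hex_run(match.group(1))
        if any(marker in decoded.lower() for marker in SQL_MARKERS):
            hits.append(decoded)
    return hits


def scan_log(text):
    """Return [(line_no, client_ip, decoded_payload), ...] for suspicious requests."""
    findings = []
    for line_no, rec in parse_w3c(text):
        for decoded in find_hex_sql(rec):
            findings.append((line_no, rec.get("c-ip", "?"), decoded))
    return findings


if __name__ == "__main__":
    for line_no, ip, payload in scan_log(SAMPLE_LOG):
        print("line %d from %s: %r" % (line_no, ip, payload))
```

Decoding before matching is the point: a substring search for one known hex string catches one campaign, while decoding every long hex run and looking for SQL keywords catches re-encoded variants of the same idea. Run it over a real log directory by feeding each file's contents to scan_log.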

In truth, we were safe from this attack anyway, because we'd invested years ago in ensuring that all of our DB access was through parameterized stored procedures. It's tough for those that haven't yet protected themselves; the effort to migrate existing code to that practice can be significant.
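To show why parameterized access closes the door, here is an added example (not the author's code) that puts a string-concatenated query beside its parameterized form on an in-memory SQLite table. SQLite has no stored procedures, so the assumption is that a plain parameterized statement demonstrates the same principle: the value is bound separately and never parsed as SQL. The table, rows and probe string are constructed for the demo.

```python
"""Concatenated SQL beside its parameterized form, on an in-memory SQLite table."""
import sqlite3


def make_db():
    """Build a small constructed table with one row that should never be listed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO products (name, published) VALUES (?, ?)",
        [("Widget", 1), ("Gadget", 1), ("Unreleased prototype", 0)],
    )
    return conn


def find_published_concat(conn, name):
    """Vulnerable: the caller's string is spliced into the SQL text itself."""
    sql = ("SELECT name FROM products WHERE published = 1 AND name = '"
           + name + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def find_published_param(conn, name):
    """Safe: the statement is fixed; the value is bound and never parsed as SQL."""
    sql = "SELECT name FROM products WHERE published = 1 AND name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]


if __name__ == "__main__":
    db = make_db()
    for value in ("Widget", "x' OR '1'='1"):
        print(repr(value))
        print("  concatenated :", find_published_concat(db, value))
        print("  parameterized:", find_published_param(db, value))
```

With the ordinary input both functions return the same single row. With the probe string, the concatenated version's WHERE clause is rewritten so the unpublished row leaks, while the parameterized version simply looks for a product literally named "x' OR '1'='1" and finds nothing. The migration cost the paragraph mentions is exactly the work of moving every call from the first shape to the second.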