Mark:

Thanks for the reply. I think the title of my email may have been misleading in that I'm not positive it was a SQL Injection attack. Because of some malicious code I've found on the file system, code that would allow an attacker to make sweeping changes to the database, I'm concerned that they may have appended additional code to varchar fields a la a SQL Injection attack. While the reverse code is great, I can't use it here because I haven't yet found any (nor do I know for sure that there is any) SQL Injection code to reverse.

I'm hoping to find a scanner that can tell me if any of those fields appear suspicious. Something that would report on any varchar fields that contain "script", etc.

Thanks.

--
Mosh Teitelbaum
evoch, LLC
Tel: (301) 942-5378
Fax: (301) 933-3651
Email: mosh.teitelb...@evoch.com
WWW: http://www.evoch.com/

> -----Original Message-----
> From: Mark Kruger [mailto:mkru...@cfwebtools.com]
> Sent: Wednesday, October 21, 2009 3:30 PM
> To: cf-talk
> Subject: RE: After the fact: SQL Injection Scanner
>
> If the injection was the one that went around a few months ago - check out this post
>
> http://www.coldfusionmuse.com/index.cfm/2008/7/18/Injection-Using-CAST-And-ASCII
>
> There is a "reverse" stored procedure that can undo the damage down in the comments. Be sure and read the post and comments (and related posts) - otherwise you will fight this over again until you get it right :)
>
> -Mark
>
> Mark A. Kruger, CFG, MCSE
> (402) 408-3733 ext 105
> www.cfwebtools.com
> www.coldfusionmuse.com
> www.necfug.com
>
> -----Original Message-----
> From: Mosh Teitelbaum [mailto:mosh.teitelb...@evoch.com]
> Sent: Wednesday, October 21, 2009 2:10 PM
> To: cf-talk
> Subject: After the fact: SQL Injection Scanner
>
> All:
>
> A client called today letting me know that their server had been breached and that some malicious code had been uploaded to the site. After doing some research into the particular files that were uploaded, it turns out that the attack is also usually accompanied by a SQL Injection attack. Their database is huge and, instead of manually going through the database looking for altered records, I thought to write some code that would scan the records and report any potential problems. Before doing that, does anyone know of any existing code that does that?
>
> Thanks in advance.
>
> --
> Mosh Teitelbaum
> evoch, LLC
> Tel: (301) 942-5378
> Fax: (301) 933-3651
> WWW: http://www.evoch.com/

Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:327468
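
A sketch of the kind of scanner asked about in this thread, as an added example that is not part of the original messages: it walks every text-typed column of every table and reports rows whose values contain markup that normally has no place in stored data. Assumptions: an in-memory SQLite database with constructed rows stands in for the real one (on SQL Server or MySQL the column list would come from `INFORMATION_SCHEMA.COLUMNS` instead), and the marker list and function names are hypothetical.

```python
import re
import sqlite3

# Markers are illustrative assumptions, not a complete list; tune them to the site's data.
SUSPICIOUS = re.compile(r"<\s*script|<\s*iframe|javascript:|document\.write|eval\s*\(", re.I)
TEXT_TYPES = ("CHAR", "CLOB", "TEXT")


def text_columns(conn):
    """Yield (table, column) for every text-typed column in the database."""
    for (table,) in conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall():
        for _cid, col, ctype, *_ in conn.execute(f'PRAGMA table_info("{table}")'):
            if any(t in (ctype or "").upper() for t in TEXT_TYPES):
                yield table, col


def scan(conn, max_snippet=60):
    """Return findings as (table, column, rowid, snippet around the first match)."""
    findings = []
    for table, col in text_columns(conn):
        query = f'SELECT rowid, "{col}" FROM "{table}" WHERE "{col}" IS NOT NULL'
        for rowid, value in conn.execute(query):
            m = SUSPICIOUS.search(str(value))
            if m:
                start = max(0, m.start() - 20)
                findings.append((table, col, rowid, str(value)[start:start + max_snippet]))
    return findings


def build_sample_db():
    """Constructed sample data: two clean rows and two rows with appended markup."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name VARCHAR(100), price REAL);
        CREATE TABLE pages (id INTEGER PRIMARY KEY, title VARCHAR(200), body TEXT);
    """)
    conn.executemany("INSERT INTO products (name, price) VALUES (?, ?)", [
        ("Blue widget", 9.99),
        ('Red widget<script src="http://example.invalid/x.js"></script>', 4.5),
    ])
    conn.executemany("INSERT INTO pages (title, body) VALUES (?, ?)", [
        ("About us", "We describe our scripts and manuscripts here."),
        ("Contact", 'Call us.<IFRAME src="http://example.invalid/" width=0></iframe>'),
    ])
    return conn


if __name__ == "__main__":
    for table, col, rowid, snippet in scan(build_sample_db()):
        print(f"{table}.{col} rowid={rowid}: {snippet!r}")
```

Matching on the opening tag rather than the bare word "script" keeps ordinary text such as "manuscripts" out of the report; a hit is a row to review by hand, not proof of tampering.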