SQL injection worry

  • Hi friends,

    I got a terrible problem.

    Someone entered my site and changed my password, and he emailed me telling me that my site was hacked and that he changed my password to "TheMatriX".

    http://www.jobsdhundo.com

    It is a job site I made for software programmers.

    I am using MS Access as the backend, so there is no SQL injection, but how did he get into my site? Any ideas? I am searching on the net for the solution, but still do not have any answers. If any of you can help with that, please do.

    Please tell me: I am using ASP & MS Access, how many ways are there to get into my site?

    I am using simple ASP scripting. Anyway, any ideas will be appreciated.

     

     

    <a href="http://www.websolsoftware.com"> For IT jobs click here</a>

    *Sukhoi*

  • There is a tool which checks your web sites against the vulnerability:

    http://www.acunetix.com/wvs/ 




    My Blog: http://dineshasanka.spaces.live.com/

  • Thanks a lot, I will try this tool. If any of you have any other suggestions, please post.

    <a href="http://www.websolsoftware.com"> For IT jobs click here</a>

    *Sukhoi*

  • Try and share your experience with us here.




    My Blog: http://dineshasanka.spaces.live.com/

  • sukhoi971, I was able to log into your website by keying my username and password both as

    ' or ''='

    The problem is that you are not sanitizing your user input in your asp code. Have a read of this article, it should get you started.

    http://www.4guysfromrolla.com/webtech/061902-1.shtml

    Windows 2008 Server | SQL Server 2008
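
The reply above, worked through as an added example (not code from the site or from any poster in this thread). It assumes the login page builds its query by string concatenation and uses Python's `sqlite3` as a stand-in for ASP with Access; the table, column and function names are hypothetical and the account is constructed sample data.

```python
import sqlite3


def make_db():
    """Constructed sample data: one account in an in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plaintext password only to keep the demo short; store a salted hash in practice.
    db.execute("INSERT INTO users VALUES ('sample_user', 'sample-pass')")
    return db


def build_concat_query(username, password):
    """Assumed vulnerable pattern: user input is pasted into the SQL text."""
    return ("SELECT username FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_concat(db, username, password):
    """Vulnerable login: quotes in the input change the WHERE clause itself."""
    return db.execute(build_concat_query(username, password)).fetchone() is not None


def login_param(db, username, password):
    """Hardened login: values are bound as parameters and never parsed as SQL."""
    row = db.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    typed = "' or ''='"  # the input quoted in the reply above
    print("query text :", build_concat_query(typed, typed))
    print("concatenated login accepts it :", login_concat(db, typed, typed))
    print("parameterized login accepts it:", login_param(db, typed, typed))
    print("real credentials still work   :",
          login_param(db, "sample_user", "sample-pass"))
```

The database engine is not what matters here: any backend that parses a concatenated query string, Access included, evaluates the rewritten WHERE clause the same way.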

  • The other thing you need to do on your site is correct the usage of English. There for their and so on.

    No American would use the site because of the poor English used on it.  We have enough problems with our jobs being outsourced to India without helping you do it.

  • R. Stewart's post piqued my interest and so I too took a look at your site. I must admit, as a dyed-in-the-wool American (with Irish roots) that I too had difficulty with the language structure on the site.

    I would also recommend you either have an American friend or hire a technical writer to re-vamp much of your text.  This is NOT a personal slam!  We are hoping for more business for you and that will help with the American public - not that we are snobs, or anything.   

    Good luck, sukhoi971...

    I wasn't born stupid - I had to study.

  • sukhoi971, is it normal that we can still log in with this injection technique, or are you simply using a bogus account?

    If the latter, then I would strongly suggest that you avoid that because the user doesn't need to be logged in to cause damage.

  • Lol, that's cool, even if someone manages to get in, he will always be able to damage only userid, so no real damage, and I was so worried about the security

    lol

    and that's my userid

    hehe

    <a href="http://www.websolsoftware.com"> For IT jobs click here</a>

    *Sukhoi*

  • Words were written considering search engines, not English. Most Indians understand that English; that is for Indian people to post C.V.

    Yeah, there were some typos, most were fixed, because my keyboard is a bit hard.

    If you check my site in Google, Yahoo, MSN

    for " banglore jobs " you will find my site

    http://jobsdhundo.com/jobseekers/jobsearchresults.asp

    appear in top list

    in the case of Google, on the second page

    <a href="http://www.websolsoftware.com"> For IT jobs click here</a>

    *Sukhoi*

  • Is your site still down?

  • What do you mean, down? My site was never down; if it was down, please tell me the time.

    <a href="http://www.websolsoftware.com"> For IT jobs click here</a>

    *Sukhoi*
