How to find out the affected tables in Sql Injection.

Question

0.00/5 (No votes)

See more:

SQL-Server-2005

Dear Friends,

Some one have entered few data in my tables in my DB.It is a SQL Injection.Now I want to find out how many tables are affected with the particular.The data received was

C#

<title><style fontsize:10px>

Posted 23-Sep-13 23:09pm

Arunprasath Natarajan

Updated 23-Sep-13 23:22pm

Thanks7872

v2

Add a Solution

4 solutions

Solution 1

The first thing to do is make sure your code can't allow it again! But assuming that you have done that...
If you mean you need to find all the rows and columns containing that specific text, you can use the CONTAINS clause in your WHERE, provided your table is full text indexed.:

SQL

SELECT * FROM MyTable WHERE CONTAINS((Column1, Column2), '<title><style fontsize:10px>')

If it isn't, then you will have to use a LIKE clause on each column specifically.

Posted 23-Sep-13 23:23pm

OriginalGriff

Solution 4

Hello Arunprasath Natarajan,

Do you have access to IIS log files? There you can check sql injection queries that were used. This should work for queries using GET.

If the injection was made with POST method, verify if the code you're using logs the POST information.

Regards,
JAFC

Posted 23-Sep-13 23:28pm

José Amílcar Casimiro

Comments

Arunprasath Natarajan 24-Sep-13 5:41am

Thank you for information, can to say me or share me any link related to "How to check log files in IIS"

José Amílcar Casimiro 24-Sep-13 8:44am

Google it. ;)

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Madhu Nair · Accepted Answer · 2013-09-23T23:24:00

Solution 2

The below may be of help to you

http://stackoverflow.com/questions/15757263/find-a-string-by-searching-all-tables-in-sql-server-management-studio-2008

Posted 23-Sep-13 23:24pm

Madhu Nair

uspatel · Accepted Answer · 2013-09-23T23:27:00

Solution 3

I think,you want to search this string in your database tables.
Plz see this thread
http://stackoverflow.com/questions/591853/search-for-a-string-in-an-all-the-tables-rows-and-columns-of-a-sqll-server-db[^]

Posted 23-Sep-13 23:27pm

uspatel