Click here to Skip to main content
15,610,690 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
My Database table values are injected with the script <script src=""> . Never came across this issue.i have restored my database now temporarily.Please help me to get out of this issue permanently..

1 solution

I think, you have been a victin of hacking through SQL injection. You need to take immediate action.

SQL injection is one of the most common mode of hacking attack and most dangerous one too. Though, you can minimize the risk by taking appropriate measures.
In most cases,
1. you have not sanitized user-input in common pages, like FAQ, contact us.
2. Or you have not sanitized the query-string in the page.

What an attacker does is append an SQL query to read all table names and column name and insert some links in those columns.

To check exactly what has happened, check IIS log of the server. There you will find some strange URLs.

As immediate measure, See, if you can block suspsected IP (that you may get from analyzing IIS logs). You may write a query to do a full index search for such suspected word to see if you are infected.

You will need to do some reading to stop.
SQL Injection:[^][^]
SQL Injection Attacks and Some Tips on How to Prevent Them[^]

Hope that helps.
Share this answer
sivasankari ts 5-Nov-12 1:57am    
Mine is a dedicated server hosting account..I askesd about sql injection to my support executive.He is saying it is the malware attack and not an injection
MT_ 5-Nov-12 2:00am    
For a moment, I thought OK. But then, how that malware got access to the database. And dedicated server hosting does not prevent SI. It is basically vulnerabilities or loopholes left open in the front end code. I hope your support executive is right, Please do not overlook SI possibilities.
sivasankari ts 5-Nov-12 2:04am    
In case of shared hosting? Image uploading has the chance of malware attack? if so how we can prevent?
MT_ 5-Nov-12 2:08am    
Well, I am not the best person to answer that and your hosting compnay can tell give you details. What little I know, to avoid malware, having good anti-virus is absolutely important and keeping it up-to-date is critical for it.
fjdiewornncalwe 5-Nov-12 12:46pm    
+5. SQL Injection is the responsibility of the developer to fix, not the site host, so you're 100% correct.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900