Recent round of SQL injection attacks

We log hundreds of SQL injection attempts per day -- the type with
CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
no difference. So...

Are these hackers cargo cultists? Or am I missing something?


--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.
Jul 2 '08 #1
Dave Anderson wrote:
> We log hundreds of SQL injection attempts per day -- the type with
> CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last
> thing the attack does is DEALLOCATE its cursor. My SQL Server DBA
> tells me this makes no difference. So...
>
> Are these hackers cargo cultists? Or am I missing something?

I think it used to be necessary, at least in SQL 6.5 ... I remember
reading about all sorts of dire consequences if a cursor was not
explicitly closed and deallocated.

BOL has said since SQL7:
A cursor variable does not have to be explicitly deallocated. The
variable is implicitly deallocated when it goes out of scope.

So I guess the cargo has landed on the hackers' island...

--
Microsoft MVP -- ASP/ASP.NET
Please reply to the newsgroup. The email account listed in my From
header is my spam trap, so I don't check it very often. You will get a
quicker response by posting to the newsgroup.
Jul 2 '08 #2
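
Added example, not part of either post above: a log-triage helper that finds CAST(0x... AS VARCHAR(n)) expressions in a logged request, decodes the hex literal back to the SQL text it hides, and reports which cursor statements (DEALLOCATE included) that text contains. The log line, the path /page.asp and the encoded statement are constructed sample data, and the function names are hypothetical.

```python
import re
from urllib.parse import unquote_plus

# CAST(0x<hex> AS VARCHAR(n)) or NVARCHAR, any case, as seen after URL-decoding.
CAST_HEX = re.compile(
    r"CAST\s*\(\s*0x([0-9a-f]+)\s+AS\s+N?VARCHAR\s*\(\s*(?:\d+|MAX)\s*\)", re.I)
CURSOR_WORDS = ("DECLARE", "CURSOR", "OPEN", "FETCH", "CLOSE", "DEALLOCATE")


def decode_blob(hex_text):
    """Turn the hex literal back into the SQL text it stands for."""
    raw = bytes.fromhex(hex_text[: len(hex_text) & ~1])  # ignore a dangling nibble
    # A zero byte after each character (44 00 45 00 ...) means UTF-16LE text.
    if len(raw) >= 4 and raw[1] == 0 and raw[3] == 0:
        return raw[: len(raw) & ~1].decode("utf-16-le", errors="replace")
    return raw.decode("latin-1")


def triage(log_line):
    """Return one finding per CAST(0x...) expression in a logged request."""
    findings = []
    for match in CAST_HEX.finditer(unquote_plus(log_line)):
        sql = decode_blob(match.group(1))
        words = [w for w in CURSOR_WORDS if re.search(rf"\b{w}\b", sql, re.I)]
        findings.append({"sql": sql, "cursor_words": words,
                         "deallocates": "DEALLOCATE" in words})
    return findings


# Constructed sample: a harmless cursor batch, hex-encoded the way the logged
# attempts are (UTF-16LE, so it begins 0x44004500 for "DE").
SAMPLE_SQL = "DECLARE c CURSOR FOR SELECT 1;OPEN c;CLOSE c;DEALLOCATE c"
SAMPLE_HEX = SAMPLE_SQL.encode("utf-16-le").hex()
SAMPLE_LINE = ("2008-07-02 10:00:00 GET /page.asp id=1%20CAST(0x"
               + SAMPLE_HEX.upper() + "%20AS%20VARCHAR(4000)) 200")

if __name__ == "__main__":
    for finding in triage(SAMPLE_LINE):
        print(finding["cursor_words"], "->", finding["sql"])
```
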
