473,809 Members | 2,708 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

'Insurance' Code injection attack

Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection
seems to be occurring after the pre-render event.
Thanks in advance.

Nov 18 '05 #1
6 1312
Is it database driven? It sounds like someone made a bad mistake updating
the database.

"Sati" <an*******@disc ussions.microso ft.com> wrote in message
news:02******** *************** *****@phx.gbl.. .
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection
seems to be occurring after the pre-render event.
Thanks in advance.

Nov 18 '05 #2
"Sati" <an*******@disc ussions.microso ft.com> wrote in message
news:02******** *************** *****@phx.gbl.. .
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection
seems to be occurring after the pre-render event.


Download SpyBot S&D and perhaps even HackThis! as it sounds more like you
have a spybot of some sort active.
Nov 18 '05 #3
Thanks.. and yes, the page gets the data from SQL server
2000. And no, its not from the Database or even the Web
server. Its local to the client browser and seems to be in
the IE browser.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on the client machine.

Seems like a BIG security Flaw in IE.


-----Original Message-----
Is it database driven? It sounds like someone made a bad mistake updatingthe database.

"Sati" <an*******@disc ussions.microso ft.com> wrote in messagenews:02******* *************** ******@phx.gbl. ..
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection seems to be occurring after the pre-render event.
Thanks in advance.

.

Nov 18 '05 #4
"sati" <an*******@disc ussions.microso ft.com> wrote in message
news:0d******** *************** *****@phx.gbl.. .
Thanks.. and yes, the page gets the data from SQL server
2000. And no, its not from the Database or even the Web
server. Its local to the client browser and seems to be in
the IE browser.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on the client machine.

Seems like a BIG security Flaw in IE.


If it is a security flaw in IE, then you seem to be the first to find it.

--
John Saunders
John.Saunders at SurfControl.com
Nov 18 '05 #5
It sounds like that machine or the proxy server has a bad version cached.

If you clear the cache and tell IE to get a new page every time does it fix
it?
"sati" <an*******@disc ussions.microso ft.com> wrote in message
news:0d******** *************** *****@phx.gbl.. .
Thanks.. and yes, the page gets the data from SQL server
2000. And no, its not from the Database or even the Web
server. Its local to the client browser and seems to be in
the IE browser.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on the client machine.

Seems like a BIG security Flaw in IE.


-----Original Message-----
Is it database driven? It sounds like someone made a bad

mistake updating
the database.

"Sati" <an*******@disc ussions.microso ft.com> wrote in

message
news:02******* *************** ******@phx.gbl. ..
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection seems to be occurring after the pre-render event.
Thanks in advance.

.

Nov 18 '05 #6
This is weird, it looks like the work of a smart tag installed on IE. . .
But there's no such animal?

Do you get the same behavior on all client machines? Or only some?
On the affected machines, Are there any BHO's installed?

http://www.definitivesolutions.com/bhodemon.htm

-D

"Sati" <an*******@disc ussions.microso ft.com> wrote in message
news:02******** *************** *****@phx.gbl.. .
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection
seems to be occurring after the pre-render event.
Thanks in advance.

Nov 18 '05 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics
1
1501
'Insurance' code injection attack
by: sati | last post by:
Thanks.. Since my last post, I have identified a few more facts on this case. This code injection occurs in the client browser. The Web server seems to be sending correct page. So far, I have identified just one user machine that seems to be infected. Even in the client machine, if we look at the html source code, this injection code does not exist. If this is true than I have no way of knowing how the page is getting
ASP.NET
5
2349
Injection Attack
by: TCORDON | last post by:
What is the best way to protect a site against it? Does anyone have a RegEx to help validate user input? TIA!
ASP.NET
10
23920
Preventing form injection on Classic ASP pages
by: bregent | last post by:
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form injection attacks? I'm looking for good routines I can reuse on all of my form processing pages. Thanks.
ASP / Active Server Pages
4
2200
sample validation code for sql injection attact
by: ss | last post by:
hi, can anybody gives me a sample code where the sql injection attack is validated. how can i do that in business logic layer and pass the error to the presentation tier I want the sample code
ASP.NET
0
9721
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...
General
0
10637
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
C / C++
0
10376
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...
Online Marketing
1
10379
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
Windows Server
0
9199
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...
Career Advice
0
6881
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
C# / C Sharp
0
5687
Windows Forms - .Net 8.0
by: adsilva | last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
Visual Basic .NET
1
4332
transfer the data from one system to another through ip address
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
C# / C Sharp
2
3861
muto222
How to add payments to a PHP MySQL app.
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
PHP

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes
How to Post and Respond on Bytes
How to Promote and Link on Bytes
How to increase your Ranking on Bytes
Become a Recognized Expert on Bytes
Feedback Welcomed! Contact Us