473,408 Members | 1,821 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > 'insurance' code injection attack

Join Bytes to post your question to a community of 473,408 software developers and data experts.

'Insurance' code injection attack

Thanks.. Since my last post, I have identified a few more
facts on this case.

This code injection occurs in the client browser. The Web
server seems to be sending correct page. So far, I have
identified just one user machine that seems to be infected.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on other client machines.

Seems like a BIG security Flaw in IE.

However, for this time, do you think Spybot S&D or
HackThis can take care of this?

Does anyone else have any more bright ideas on this one?

-----Original Message-----
"Sati" <an*******@discussions.microsoft.com> wrote in messagenews:02****************************@phx.gbl...
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection seems to be occurring after the pre-render event.
Download SpyBot S&D and perhaps even HackThis! as it

sounds more like youhave a spybot of some sort active.
.

Nov 18 '05 #1
1 1479
This isn't as much a security flaw of IE as it is of platforms in general.
If the user can run arbitrary code with administrative permissions, then the
user can run a virus that modifies their system to do basically anything it
wants. Run a virus scanner and a spyware remover, and this should clean up
most things. If your users are in a corporate environment, then plan an
initiative to get everyone in your organization running as limited users who
are no allowed to run arbitrary code on the machine.

--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Shell/UI
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--

"sati" <an*******@discussions.microsoft.com> wrote in message
news:07****************************@phx.gbl...
Thanks.. Since my last post, I have identified a few more
facts on this case.

This code injection occurs in the client browser. The Web
server seems to be sending correct page. So far, I have
identified just one user machine that seems to be infected.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on other client machines.

Seems like a BIG security Flaw in IE.

However, for this time, do you think Spybot S&D or
HackThis can take care of this?

Does anyone else have any more bright ideas on this one?

-----Original Message-----
"Sati" <an*******@discussions.microsoft.com> wrote in

message
news:02****************************@phx.gbl...
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection seems to be occurring after the pre-render event.


Download SpyBot S&D and perhaps even HackThis! as it

sounds more like you
have a spybot of some sort active.
.

Nov 18 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
'Insurance' Code injection attack
by: Sati | last post by:
Hi All, Does anyone know how to clean a asp application from a virus that converts labels with the word 'Insurance' into link button to a web page. It also injects text in the textbox when the...
ASP.NET
4
SQL Injection Attacks
by: poppy | last post by:
I think a site I developed has been the victim of a sql injection attack.I know how to stop this happening in future but: Is there any way I can trace such an attack?
ASP.NET
5
Injection Attack
by: TCORDON | last post by:
What is the best way to protect a site against it? Does anyone have a RegEx to help validate user input? TIA!
ASP.NET
10
Preventing form injection on Classic ASP pages
by: bregent | last post by:
I've seen plenty of articles and utilities for preventing form injections for ASP.NET, but not too much for classic ASP. Are there any good input validation scripts that you use to avoid form...
ASP / Active Server Pages
4
sample validation code for sql injection attact
by: ss | last post by:
hi, can anybody gives me a sample code where the sql injection attack is validated. how can i do that in business logic layer and pass the error to the presentation tier I want the sample...
ASP.NET
8
Email injection on a contact form
by: stirrell | last post by:
Hello, One problem that I had been having is stopping email injections on contact forms. I did some research, read up on it and felt like I had created a working solution. I hadn't gotten any...
PHP
29
IIS SQL Injection woes...
by: sinbuzz | last post by:
Hi, I'm curious about the best way to avoid SQL Injection attacks against my web server. Currently I'm on IIS. I might be willing to switch to something like Apache but I'm not sure if SQL...
C# / C Sharp
2
SQL Injection Attack
by: ozzii | last post by:
I have read a number of articles on sanitizing user input before executing SQL queries to prevent SQL injection attacks. I have a html form which a user can fill in - the information from which...
ASP / Active Server Pages
16
SQL Injection Attack Discussion
by: ChipR | last post by:
Since we're talking about filters, make sure you also use a filter for semicolons (at the minimum) on any input that is going directly into an SQL statement to prevent your entire database from being...
Microsoft Access / VBA
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
tracyyun
Discussion: How does Zigbee compare with other wireless protocols in smart home applications?
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
General
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
Couldn’t get equations in html when convert word .docx file to html file in C#.
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and...
C# / C Sharp

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!