I am facing a very strange problem. On one of my client's servers, there is a problem in the SQL tables. In some table columns, an HTML div with a specific link has been added automatically; for better understanding, I have attached screenshots of the same.

I have already read the question below, Sql Injection : Data Appended automatically to table column, but all in vain. Maybe this is SQL injection, so I need a proper solution.

Below is my SQL code:

if not exists (select Request_id from T0040_Change_Request_Master where Cmp_Id = @Cmp_ID and Request_type = 'Birthdate Change')
begin
        declare @Request_id1 numeric
        select  @Request_id1 = isnull(MAX(Tran_id),0) + 1 from T0040_Change_Request_Master
        INSERT INTO T0040_Change_Request_Master (Tran_id,Request_id,Request_type,Cmp_ID)VALUES(@Request_id1,1,'Birthdate Change',@Cmp_ID)
end

if not exists (select Request_id from T0040_Change_Request_Master where Cmp_Id = @Cmp_ID and Request_type = 'Branch Change')
begin
        declare @Request_id2 numeric
        select  @Request_id2 = isnull(MAX(Tran_id),0) + 1 from T0040_Change_Request_Master
        INSERT INTO T0040_Change_Request_Master (Tran_id,Request_id,Request_type,Cmp_ID)VALUES(@Request_id2,2,'Branch Change',@Cmp_ID)
end

if not exists (select Request_id from T0040_Change_Request_Master where Cmp_Id = @Cmp_ID and Request_type = 'Shift Change')
begin
        declare @Request_id3 numeric
        select  @Request_id3 = isnull(MAX(Tran_id),0) + 1 from T0040_Change_Request_Master
        INSERT INTO T0040_Change_Request_Master (Tran_id,Request_id,Request_type,Cmp_ID)VALUES(@Request_id3,3,'Shift Change',@Cmp_ID)
end

if not exists (select Request_id from T0040_Change_Request_Master where Cmp_Id = @Cmp_ID and Request_type = 'Marital Status Change')
begin
        declare @Request_id4 numeric
        select  @Request_id4 = isnull(MAX(Tran_id),0) + 1 from T0040_Change_Request_Master
        INSERT INTO T0040_Change_Request_Master (Tran_id,Request_id,Request_type,Cmp_ID)VALUES(@Request_id4,4,'Marital Status Change',@Cmp_ID)
end
Sumit Pathak
  • That is most likely indeed an injection attack; however, it might be much more serious than that as well (compromised code/bugged software). The added code is not enough to help find it. Basically - you'll need to find all places where you access the database, and figure out whether or not that code is safe from injection attack. To help find the attack vector, you can try to identify when the data was changed (or the date period) and check the IIS logs or Windows Event Viewer and see if you can identify the requests - because that will help you very much with finding the issue. – Allan S. Hansen Mar 31 '16 at 06:50
  • Thanks Allan, but it's on the client's server, so I am not able to trace the IIS logs. So if this is SQL injection, what is the solution for that? – Sumit Pathak Mar 31 '16 at 08:29
  • Any place where you take input and do not use parametrized queries/stored procedures is at risk of injection attack. As said - the attack might also be because of compromised software/server - but this does look like injection attacks. – Allan S. Hansen Mar 31 '16 at 08:36
  • So how do I stop this, and what should I do for that? – Sumit Pathak Mar 31 '16 at 08:39
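
What the comments mean by parametrized queries, shown in T-SQL as an added example that is not part of the original question or its comments. The temp table, its column sizes, the sample rows and the input value are all constructed for illustration; it contrasts statement text built by concatenation with the same statement run through sp_executesql and a typed parameter.

```sql
-- Added example: the temp table, column sizes, rows and input are constructed.
SET NOCOUNT ON;

CREATE TABLE #Change_Request_Demo (
    Tran_id      numeric(18,0) NOT NULL PRIMARY KEY,
    Request_type nvarchar(100) NOT NULL,
    Cmp_ID       numeric(18,0) NOT NULL
);

INSERT INTO #Change_Request_Demo (Tran_id, Request_type, Cmp_ID)
VALUES (1, N'Birthdate Change', 10),
       (2, N'Branch Change',    10),
       (3, N'Shift Change',     20);

-- Constructed value standing in for text that arrives from a web form.
DECLARE @input nvarchar(100) = N'x'' OR ''1''=''1';
DECLARE @sql   nvarchar(max);

-- Weak: the input becomes part of the statement text. The quote inside it
-- closes the string literal and the remainder is parsed as SQL, so the
-- WHERE clause no longer compares Request_type with the submitted value only.
SET @sql = N'SELECT COUNT(*) AS matched_concatenated
             FROM #Change_Request_Demo
             WHERE Request_type = N''' + @input + N'''';
EXEC (@sql);

-- Hardened: the statement text is fixed and the input travels separately as
-- a typed parameter, so it is only ever compared as data, quotes included.
SET @sql = N'SELECT COUNT(*) AS matched_parameterized
             FROM #Change_Request_Demo
             WHERE Request_type = @Request_type';
EXEC sys.sp_executesql
     @sql,
     N'@Request_type nvarchar(100)',
     @Request_type = @input;

DROP TABLE #Change_Request_Demo;
```

A stored procedure that builds its statement with concatenation and EXEC carries the same weakness as the first form, so being inside a procedure is not enough by itself.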
