Tracking Sql Injection

Tracking a Sql Injection Attack

Thursday, 14 June 2007

Another day at work, A simple line of code:

Did quite a bit of damage updating an entire column with the hackers link.
Well our job was to identify the attacker. and we did it.
First we had to know the precise data and time. ref

Well the attack update a SQL database, first we searched SQL logs and server events but nothing.
The only way was to read the transaction logs, where SQL has register every single actions performed into the DB.
All we needed was a way to read that DB transaction log database.ldf file.
The program called ApexSQL log did the job quite well. We were able to get the date and time of the update.
Now is the time to search IIS logs. Not so difficult, we looked that day and time and wolla:

tipo=offerta&id=12update+offerte+set+titolo=’hackckersite.org/”>

So we identify the hacker IP, if he was not smart enoguh to use a proxy!
At this point we contact their ISP and inform about the activity.

Leave a Reply

Your email address will not be published. Required fields are marked *

VAMOVE *

*