07-29-08, 08:12 AM   #3
Re: SQL Injection Attacks on ASP/ASP .net

Originally Posted by tornadog:
Anybody have any quick fix code to check for possible cross scripting in querystring values? We had an attack through a third-party control's code, so we had no way of trapping the querystring parameters. Funny thing was only data in one of the tables we were using for auditing transactions was affected. Rest of the data was left intact. I guess we were just lucky!!!!

Aren't you escaping the strings?

Don't know how to do it in, but I know in PHP there are functions to do so. You may need to write your function to do it.

Did you guys put a page up without escaping the user input? Jeez, that's security 101.
ViN86