MSSQL服务器注入了隐藏的垃圾邮件链接,任何最终解决方案? [英] MSSQL Server injected with hidden spam links, any ultimate solution?
问题描述
我在使用MSSQL Server 2012.连接到此数据库的网站由ASP.NET C#2012开发。
最近我的数据库被黑客攻击或注入垃圾邮件链接,他们都开始相同
I'm using MSSQL Server 2012. The websites connected to this database is developed by ASP.NET C# 2012. Recently my database been hacked or injected by spam links, and they all start the same
<div style="display:none"> .....
一些帮助我做了一个函数来清理更新的字段,是在几天后同样的事情再次发生!
with some help I made a function that cleans the updated fields, but the problem is after few days the same thing happened again!
我可以继续清理数据库,但我想找到一个最终的解决方案,以防止这种情况发生良好。 。任何想法?
I can keep cleaning the database, but I'm trying to find an ultimate solution to prevent this from happening for good.. any ideas?
- 注意:我注意到更新的大多数列都是文本字段nvarchar。
- Note: I noticed most columns updated are text fields "nvarchar".
推荐答案
您的问题几乎肯定是一个SQL注入漏洞。
Your issue is almost certainly a SQL injection vulnerability. Cleaning the database wont resolve this.
查看您接受用户输入未取消宣告的位置的代码,并生成动态SQL。
Look through your code for places where you are accepting user input unsanitized and generating dynamic SQL with it.
这是一个很好的讨论: https://www.acunetix.com / websitesecurity / sql-injection /
Here is a good discussion: https://www.acunetix.com/websitesecurity/sql-injection/
这篇关于MSSQL服务器注入了隐藏的垃圾邮件链接,任何最终解决方案?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!