In Progress

Small Complete Website Has SQL Injection Point and Site Search Fix

Hello Coders,

I currently work for a small ISP/hosting company. We contracted for a website to be built, and a month after it was finished it started getting attacked with SQL injection. We contacted the original coder and he basically said too bad and would no longer return calls or emails. I do believe I have found the page that is vulnerable, but have no experience in the area. The page is built in ASP. FTP and SQL Server access will be granted. Hoping to get this done in a costly matter. I remove the malicious code from the SQL fields, but within a day the page is attacked again. Your help would be appreciated greatly. Also, the possibility of writing a search script for the site; the one that was written by him was broken or never uploaded. Below is a sample of the code. The site is located at [url removed, login to view]

Thank You,

Richard Dissell

* * *

```asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="1252"%>
<!--#include file="[url removed, login to view]" -->
<%
Dim prodConfig__MMColParam
prodConfig__MMColParam = "1"
If ([url removed, login to view]("prod") <> "") Then
  prodConfig__MMColParam = [url removed, login to view]("prod")
End If
%>
<%
Dim prodConfig
Dim prodConfig_numRows

Set prodConfig = [url removed, login to view]("[url removed, login to view]")
[url removed, login to view] = MM_cscConnect_STRING
[url removed, login to view] = "SELECT * FROM [url removed, login to view] WHERE prodID = " + Replace(prodConfig__MMColParam, "'", "''") + ""
[url removed, login to view] = 0
[url removed, login to view] = 2
[url removed, login to view] = 1
[url removed, login to view]()

prodConfig_numRows = 0
%>
<%
Dim prodNumber__MMColParam
prodNumber__MMColParam = "1"
If ([url removed, login to view]("add") <> "") Then
  prodNumber__MMColParam = [url removed, login to view]("add")
End If
%>
<%
Dim prodNumber
Dim prodNumber_numRows

Set prodNumber = [url removed, login to view]("[url removed, login to view]")
[url removed, login to view] = MM_cscConnect_STRING
[url removed, login to view] = "SELECT * FROM [url removed, login to view] WHERE ID = " + Replace(prodNumber__MMColParam, "'", "''") + ""
[url removed, login to view] = 0
[url removed, login to view] = 2
[url removed, login to view] = 1
[url removed, login to view]()

prodNumber_numRows = 0
%>
```
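Both posted queries concatenate the request value into a numeric comparison (`WHERE prodID = ` and `WHERE ID = `), so doubling single quotes does nothing: the value is never inside a quoted string. One way to close this, as an added example that is not part of the original post or the site's code, is to accept only an integer id and bind it through an `ADODB.Command` parameter. The table name `tblProducts`, the helper names `TryParseId` and `OpenProductById`, and reading the value from `Request.QueryString` are assumptions, because the post has those parts removed.

```vbscript
' Added example, not the site's code. Place inside a <% ... %> block after the
' include that defines MM_cscConnect_STRING (the name used in the posted sample).
' Hypothetical names: tblProducts, TryParseId, OpenProductById.
Const adCmdText = 1      ' ADO CommandTypeEnum
Const adInteger = 3      ' ADO DataTypeEnum
Const adParamInput = 1   ' ADO ParameterDirectionEnum

' Returns True and sets outId only when raw consists of 1 to 9 decimal digits.
' Nine digits always fit in a 32-bit Long, so CLng cannot overflow here.
Function TryParseId(raw, ByRef outId)
    Dim re, s
    TryParseId = False
    s = Trim(raw & "")               ' coerce Empty or a collection item to a string
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,9}$"
    If re.Test(s) Then
        outId = CLng(s)
        TryParseId = True
    End If
End Function

' Runs the lookup with the id bound as a typed parameter. The SQL text is a
' constant; the request value never becomes part of it.
Function OpenProductById(id)
    Dim cmd
    Set cmd = Server.CreateObject("ADODB.Command")
    cmd.ActiveConnection = MM_cscConnect_STRING
    cmd.CommandType = adCmdText
    cmd.CommandText = "SELECT * FROM tblProducts WHERE prodID = ?"
    cmd.Parameters.Append cmd.CreateParameter("prodID", adInteger, adParamInput, , id)
    Set OpenProductById = cmd.Execute   ' forward-only, read-only recordset
End Function

Dim prodId, prodConfig
If Not TryParseId(Request.QueryString("prod"), prodId) Then
    prodId = 1                       ' same default the posted page falls back to
End If
Set prodConfig = OpenProductById(prodId)
```

The same two helpers cover the second query by changing the column and the request key (`add` in the posted sample). Pairing this with a database login that has only `SELECT` rights on the tables the page reads limits what a missed injection point elsewhere on the site can modify.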

Skills: ASP, PHP


About the Employer:
( 1 review ) United States

Project ID: #3011823

Awarded to:

keithyox1

See private message.

$127.5 USD in 14 days
(42 Reviews)
5.6

15 freelancers are bidding an average of $99 for this job

crajeshbe

See private message.

$85 USD in 14 days
(66 Reviews)
5.9

miguelgarcia78

See private message.

$119 USD in 14 days
(76 Reviews)
5.2

GRESOL

See private message.

$85 USD in 14 days
(17 Reviews)
4.7

micronuxsoft

See private message.

$68 USD in 14 days
(22 Reviews)
4.7

Matija

See private message.

$85 USD in 14 days
(41 Reviews)
4.5

jrsansom

See private message.

$58.65 USD in 14 days
(23 Reviews)
4.5

dennisgrant

See private message.

$127.5 USD in 14 days
(7 Reviews)
4.2

davidtheele

See private message.

$68 USD in 14 days
(11 Reviews)
3.4

erickeeney

See private message.

$63.75 USD in 14 days
(8 Reviews)
3.0

vw6960886vw

See private message.

$21.25 USD in 14 days
(1 Review)
1.9

gerodev

See private message.

$170 USD in 14 days
(0 Reviews)
0.0

rc0209

See private message.

$51 USD in 14 days
(0 Reviews)
0.0

markpegler

See private message.

$127.5 USD in 14 days
(0 Reviews)
0.0

itaceweb

See private message.

$85 USD in 14 days
(1 Review)
0.0

AnthonyWilshaw

See private message.

$212.5 USD in 14 days
(1 Review)
0.0