Blog

Securing your ASP scripts against SQL injection

Recently I got an email from a client saying that his site was affected by malware and a Trojan virus. Google's Safe Browsing tool and other firewall security gateways were blocking some of the site's URLs.

The site was written in classic ASP. When I looked into the file contents, no files had been modified. Normally, if attackers get hold of the FTP details, they modify files and add some iframe code that loads other malware-infected sites. That wasn't the case here, which pointed to SQL injection. When I looked into the database tables, I found that some fields contained HTML code, and that HTML code was loading other, malware-infected sites. The site does not allow anyone to add or edit records, yet records had been modified. This was done by SQL injection through a query string parameter.

Read More
By Vikas
Tags: asp, SQL injections

Decode HTML code with jQuery

In one of our projects, we store all form fields as a JSON string (e.g. {"name":"myname", "email":"may@xyz.com", "address":"myaddressdetail"}) in a database table. To avoid JSON parsing errors caused by special characters when the string is retrieved from the database and deserialized, I convert all special characters in the field values to their HTML-escaped equivalents (using ColdFusion's HTMLEditFormat() function). Up to this point it works fine, but I ran into a problem with the HTML-escaped values when retrieving the data with AJAX and placing the values into the appropriate input fields. At that point I need to convert the HTML-escaped sequences back into the corresponding special characters (e.g. &amp; needs to be converted back into &).
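The decoding step described above, as an added example that is not code from the original post: it reverses the entities HTMLEditFormat() produces (plus numeric references) as a plain string transform, so the value never passes through innerHTML or jQuery's .html(), where stored markup would be parsed and could execute. The field names and the sample record are constructed for the example.

```javascript
// Named entities emitted by ColdFusion's HTMLEditFormat() (&amp; &lt; &gt; &quot;)
// plus &apos; for completeness. Anything else is left untouched rather than guessed.
const NAMED = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };

// Decode entities in a single pass: "&amp;lt;" becomes "&lt;", not "<",
// so a double-escaped value is not silently turned back into markup.
function decodeEntities(s) {
  return s.replace(/&(#x[0-9a-f]+|#\d+|[a-z]+);/gi, (match, body) => {
    if (body[0] === "#") {
      const hex = body[1].toLowerCase() === "x";
      const cp = hex ? parseInt(body.slice(2), 16) : parseInt(body.slice(1), 10);
      return Number.isFinite(cp) && cp <= 0x10ffff ? String.fromCodePoint(cp) : match;
    }
    const v = NAMED[body.toLowerCase()];
    return v === undefined ? match : v;
  });
}

// Decode every string field of a stored record such as {"name":"...","email":"..."}.
// JSON.parse runs first: the entities protected the JSON, so parsing must precede decoding.
function decodeRecord(json) {
  const rec = JSON.parse(json);
  const out = {};
  for (const [k, v] of Object.entries(rec)) {
    out[k] = typeof v === "string" ? decodeEntities(v) : v;
  }
  return out;
}

// Constructed sample: the JSON string as it comes back from the database
// after HTMLEditFormat() was applied to each field value.
const SAMPLE =
  '{"name":"Smith &amp; Sons","email":"may@xyz.com",' +
  '"address":"&lt;b&gt;1 Main St&lt;/b&gt; &quot;suite 2&quot;"}';

// In the browser, assign the decoded text with .val() (jQuery) or .value, never .html():
// an input's value is plain text, so "<b>" in the address is shown, not interpreted.
//   const rec = decodeRecord(SAMPLE);
//   $('#name').val(rec.name);
//   $('#address').val(rec.address);
```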

Read More
By Nirav
Tags: html, javascript, jQuery