Ulimate survey advanced V7.1 SQL injection Attack

Ravibr · 08-27-2008 01:25 PM

We are using Ulimate survey advanced V7.1. It is running on a web server and the backend SQL server 2005 database was running on a different server. We had SQL injection attack from some hacker. They were able to update most of the tables with redirect to some Russian website and that link was trying to download a Trojan virus on to the client machine when people try to access our website.

I had to restore the database from my old backup. As of now i removed the database write permission so the database. Now i give write permission i will be hacked again and if i don't give write permission the application is useless.

Please help us. Please harden your code/SQL and handle application security in a better way, so that you customers will not be effected by SQL injection and other attacks.

**administrator** · 08-27-2008 01:32 PM

We have not had SQL injection attacks reported previously, so it would be beneficial to us to have more information. Could you tell me what specific tables and fields were attacked? Once we have this information we may be able to provide suggestions or a solution to the issue.

Ravibr · 08-28-2008 12:00 PM

Almost all the records in the database were altered.........

**administrator** · 08-28-2008 01:02 PM

Were there any tables left untouched? If so, please tell me specifically which ones.

Checkbox Forums

Thread: Ulimate survey advanced V7.1 SQL injection Attack

LinkBack

Thread Tools

Search Thread

Display

Ulimate survey advanced V7.1 SQL injection Attack

Posting Permissions

CHECKBOX® SURVEY SOFTWARE

Quick links

stay in touch