When it comes to SQL injection detection, we at The Daily WTF could be doing better. It's not that I don't trust Alex's modifications to our CMS system to be injection-proof, I'm just saying that I'd prefer that you people didn't post comments like "') DELETE FROM Articles --". Or, if you must, at least "') DELETE FROM Articles WHERE Author_Name <> 'Jake Vinson' --".

But I'm getting ahead of myself. The point here is that we should've employed a strategy that B. V. tipped us off to so we could learn when "Some one [was] trying to Hack the Site."

sqlArray = "select%20|delete%20|update%20|insert%20|create%20|alter%20|drop%20|truncate%20|sp_"
idx = split(sqlArray,"|")
InjectionFound = false
for i = 0 to ubound(idx)
    'Response.Write(idx(i))
    pos=InStr(1,Request.QueryString,idx(i),0)
    if pos <> 0 then
        InjectionFound = true          
        exit for
    else
        InjectionFound = false
    end if
next

if InjectionFound = false then 
    'Response.Write("Injection(s) Not Found")
else

    strContents =  "Some one is trying to Hack the Site please check detials given below" & "<br><br>"
    strContents = strContents &"QUERY_STRING = " & Request.ServerVariables("QUERY_STRING") & "<br>"
    strContents = strContents & "REMOTE_ADDR = " & Request.ServerVariables("REMOTE_ADDR") & "<br>"
    strContents = strContents & "REMOTE_HOST = " & Request.ServerVariables("REMOTE_HOST") & "<br>"
    strContents = strContents & "REMOTE_USER = " & Request.ServerVariables("REMOTE_USER") & "<br>"
    strContents = strContents & "REQUEST_METHOD = " & Request.ServerVariables("REQUEST_METHOD") & "<br>"
    strContents = strContents & "SCRIPT_NAME = " & Request.ServerVariables("SCRIPT_NAME") & "<br>"
    strContents = strContents & "SERVER_NAME = " & Request.ServerVariables("SERVER_NAME") & "<br>"

    Set objCDO = Server.CreateObject("CDONTS.NewMail")
    objCDO.MailFormat = 0 ' html format
    objCDO.BodyFormat = 0 ' html format
    objCDO.To         = "[email protected]"
    objCDO.From       = "[email protected]"
    objCDO.Importance  = 2
    objCDO.Subject    = Request.ServerVariables("SERVER_NAME") & " | Hacker Info"
    objCDO.Body       = strContents
    objCDO.Send

    Response.Redirect("/")
    Response.end
end if

My favorite part is the commented-out "Injection(s) Not Found" alert. Prior to its removal, I wonder how many hundreds or thousands of requests helpfully informed users that they weren't trying to hack the site.
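As an added illustration (not part of the original post or the site's CMS code), here is a Python re-creation of that detection loop next to a hypothetical decoded, case-insensitive variant, both run over constructed query strings. It shows why a keyword blacklist fires on innocent English and why, since InStr with compare 0 is a binary match on the raw query string, the original would not even notice the uppercase DELETE example at the top of this post; note too that the loop reads only Request.QueryString, so parameterized queries rather than pattern matching remain the actual defense.

```python
import re
from urllib.parse import unquote_plus

# The pattern list from the ASP snippet above, verbatim.
SQL_ARRAY = "select%20|delete%20|update%20|insert%20|create%20|alter%20|drop%20|truncate%20|sp_"
PATTERNS = SQL_ARRAY.split("|")


def original_check(raw_query_string: str) -> bool:
    """Re-creates the page's loop: InStr(..., 0) is a binary (case-sensitive)
    substring search against the raw, still URL-encoded query string."""
    return any(p in raw_query_string for p in PATTERNS)


# Hypothetical tightened variant (assumption, not the page's code): decode first,
# ignore case, and require word boundaries so "selected" / "dropdown" do not trip it.
KEYWORD_RE = re.compile(
    r"\b(select|delete|update|insert|create|alter|drop|truncate)\b|\bsp_\w+",
    re.IGNORECASE,
)


def normalized_check(raw_query_string: str) -> bool:
    return bool(KEYWORD_RE.search(unquote_plus(raw_query_string)))


# Constructed sample query strings (no real traffic).
SAMPLES = [
    "id=42&sort=name",                                  # ordinary request
    "q=please%20select%20a%20gift",                     # innocent English
    "q=selected%20dropdown",                            # keyword as a prefix only
    "comment=%27%29%20DELETE%20FROM%20Articles%20--",   # the post's own example, encoded
]


def evaluate(samples=SAMPLES):
    """Return (query string, original verdict, normalized verdict) per sample."""
    return [(qs, original_check(qs), normalized_check(qs)) for qs in samples]


if __name__ == "__main__":
    for qs, orig, norm in evaluate():
        print(f"original={orig!s:5} normalized={norm!s:5}  {qs}")
```

Both variants still flag "please select a gift": a blacklist cannot tell the English verb from the SQL one, which is the inherent limit of this approach.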
