Recently, a mass injection attack has begun that targets SQL injection vulnerabilities in application code, with some of these attacks aimed specifically at ASP and .NET applications. Some of these attacks are fully automated and are being launched from botnets and other infected systems. The sources of these attacks and the attack code they use change so fast that blocking them at the network level is impossible.
SQL injection and cross-site scripting (XSS) attacks are nothing new. For several years now, computer security professionals have been warning of massive attacks such as these disrupting normal business operations on the public Internet. It looks as though this new wave of attacks, with its new method of infecting clients with malicious code, has started.
One way to protect yourself from the attacks described above is to accept input through HTTP POST parameters instead of GET parameters. POST parameters are just as vulnerable to injection as GET parameters, but they are not as easily found by search engines or automated scans.
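Because the paragraph above makes the point that moving input from GET to POST only reduces discoverability, not injectability, the following added example (not code from the original article, and written in Python against SQLite rather than in ASP/.NET, since the principle is identical) puts the vulnerable query beside its hardened form. The table, rows and lookup functions are constructed for the demonstration and are not taken from any real application.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory table standing in for an application's backend.

    The 'public' column marks rows a normal lookup should never expose when it is 0.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, public INTEGER)")
    conn.executemany(
        "INSERT INTO products VALUES (?, ?, ?)",
        [(1, "widget", 1), (2, "gadget", 1), (3, "internal-only", 0)],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn, name):
    """Vulnerable form: the request parameter is concatenated into the SQL text.

    It makes no difference whether 'name' arrived as a GET or a POST parameter;
    the database parses whatever the client sent as part of the statement.
    """
    sql = "SELECT id, name FROM products WHERE public = 1 AND name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, name):
    """Hardened form: the value is bound to a placeholder and sent as data.

    Quotes and SQL keywords inside 'name' are matched literally, never executed.
    """
    sql = "SELECT id, name FROM products WHERE public = 1 AND name = ?"
    return conn.execute(sql, (name,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Constructed attacker-style input: a tautology that defeats the 'public = 1' filter
    # in the concatenated query but is just an unmatched product name when bound.
    probe = "' OR '1'='1"
    print("vulnerable:    ", lookup_vulnerable(db, probe))
    print("parameterized: ", lookup_parameterized(db, probe))
```

Running the block shows the concatenated query returning every row, including the non-public one, while the bound query returns nothing for the same input; the difference is entirely in how the parameter reaches the database, which is why parameterized queries (or stored procedures called with typed parameters in ADO.NET) are the fix the article's advice about POST only complements.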
Microsoft provides a free security tool called URLScan that restricts the types of HTTP requests that Internet Information Services (IIS) will process. It can be installed on servers running IIS 4.0 or later. URLScan can be configured to block encoded URLs, unwanted character sets and extremely long requests, among many other features that help protect your system from known and zero-day (unknown) attack vectors. For more information, or to download this Microsoft product, see the following link: http://www.microsoft.com/technet/security/tools/urlscan.mspx
If you do not have access to your application's source code, you can research the third-party application you are using to ensure it has no known vulnerabilities. Many third-party applications such as phpBB have recently been attacked and exploited. Attackers are again using search engines such as Google to find servers with these vulnerable applications installed and then launching attacks to deface them or inject malicious code.
For more information on protecting yourself from injection vulnerabilities, please see the following links: