Recent round of SQL injection attacks

Discussion in 'ASP General' started by Dave Anderson, Jul 2, 2008.

  1. We log hundreds of SQL injection attempts per day -- the type with
    CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last thing the
    attack does is DEALLOCATE its cursor. My SQL Server DBA tells me this makes
    no difference. So...

    Are these hackers cargo cultists? Or am I missing something?




    --
    Dave Anderson

    Unsolicited commercial email will be read at a cost of $500 per message. Use
    of this email address implies consent to these terms.
    Dave Anderson, Jul 2, 2008
    #1
    1. Advertising

  2. Dave Anderson wrote:
    > We log hundreds of SQL injection attempts per day -- the type with
    > CAST(0x44004500... AS VARCHAR(4000)). It amuses me that the last
    > thing the attack does is DEALLOCATE its cursor. My SQL Server DBA
    > tells me this makes no difference. So...
    >
    > Are these hackers cargo cultists? Or am I missing something?
    >
    >

    I think it used to be necessary, at least in SQL 6.5 ... I remember
    reading about all sorts of dire consequences if a cursor was not
    explicitly closed and deallocated.

    BOL has said since SQL7:
    A cursor variable does not have to be explicitly deallocated. The
    variable is implicitly deallocated when it goes out of scope.

    So I guess the cargo has landed on the hackers' island...

    --
    Microsoft MVP -- ASP/ASP.NET
    Please reply to the newsgroup. The email account listed in my From
    header is my spam trap, so I don't check it very often. You will get a
    quicker response by posting to the newsgroup.
    Bob Barrows [MVP], Jul 2, 2008
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. poppy

    SQL Injection Attacks

    poppy, Nov 2, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    398
    Scott Allen
    Nov 3, 2004
  2. Darrel
    Replies:
    9
    Views:
    3,615
    Steve C. Orr [MVP, MCSD]
    Nov 11, 2004
  3. Replies:
    44
    Views:
    4,021
    Lee Fesperman
    Mar 16, 2005
  4. steve813

    WSDL and SQL Injection Attacks

    steve813, Nov 29, 2006, in forum: ASP .Net Web Services
    Replies:
    1
    Views:
    283
    John Saunders
    Nov 30, 2006
  5. Ken Bloom
    Replies:
    5
    Views:
    198
    Ken Bloom
    Apr 30, 2008
Loading...

Share This Page