Detecting SQL Injection Attacks In Umbraco

I had an Umbraco site that was being attacked by SQL injection. To find the source of the attack, I logged every URL and form submission that looked suspicious. I had the code email me when SQL-like commands were being used in URLs and form fields. This could probably be written in a Razor Macro but the current implementation is in C#.

using System;
using System.IO;
using System.Web.UI;

public partial class LogActivity : UserControl
{
    protected void Page_Init(object sender, EventArgs e)
    {
        bool error;
        string path = Request.PhysicalApplicationPath + "logfiles\\siteattack.txt";

        // One log line per request: the full URL followed by the posted form fields.
        string line = Request.Url.ToString() + " " + GetForm();

        // using() guarantees the file is closed even if something below throws.
        using (StreamWriter log = File.AppendText(path))
        {
            log.WriteLine(line);
        }

        error = Notify(line);

        // would like to use the code below when I can find a regular expression that works rather than blocking ( and [ etc

        //if (error)
        //    // don't continue execution - this could be a SQL attack
        //    Response.End();
    }

    // Concatenates the posted fields, skipping the WebForms bookkeeping fields
    // (view state and postback targets) that would only add noise to the log.
    private string GetForm()
    {
        string form = "";

        foreach (string key in Request.Form.Keys)
        {
            if (key != "__VIEWSTATE" && key != "__EVENTTARGET" && key != "__EVENTARGUMENT" && key != "__LASTFOCUS")
                form += key + "=" + Request.Form[key] + " ";
        }

        return form;
    }

    // Emails the logged line when it contains SQL keywords or the brackets used in SQL syntax.
    public bool Notify(string line)
    {
        bool error = false;
        string lower = line.ToLower();

        if (lower.IndexOf("select") != -1 || lower.IndexOf("[") != -1 || lower.IndexOf("(") != -1 || lower.IndexOf("update") != -1 || lower.IndexOf("insert") != -1)
        {
            // umbraco.library.SendMail(from, to, subject, body, isHtml); replace the placeholder addresses
            umbraco.library.SendMail("from_email_address", "to_email_address", Request.ServerVariables["SERVER_NAME"], line, false);

            error = true;
        }

        return error;
    }
}
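The author wants a regular expression that works instead of flagging every ( and [. As an added example (not code from the original post or from Umbraco), here is a hypothetical SqlInjectionHeuristic helper that only flags a logged line when SQL keywords appear in an injection-like context, run over constructed sample lines in the post's log format (URL followed by form fields); the pattern list and the example.invalid hostname are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
// Hypothetical helper, not part of the original post: context-aware SQL injection
// heuristic intended to replace the plain "select"/"("/"[" substring checks.
public static class SqlInjectionHeuristic
{
    // Assumed pattern list; each entry rarely occurs in ordinary English form input.
    private static readonly Regex[] Patterns =
    {
        new Regex(@"\bunion\b.{0,40}\bselect\b", RegexOptions.IgnoreCase),                 // UNION ... SELECT
        new Regex(@"\b(select|insert|update|delete|drop|alter)\s+(\*|\w+)\s+(from|into|table|set)\b",
                  RegexOptions.IgnoreCase),                                                 // SELECT x FROM ...
        new Regex(@"'\s*(or|and)\s*('|\d)", RegexOptions.IgnoreCase),                      // ' or '1'='1
        new Regex(@"'\s*(--|/\*|;)"),                                                       // quote, then comment or terminator
        new Regex(@";\s*(drop|exec|xp_|sp_|shutdown)\b", RegexOptions.IgnoreCase),          // stacked statement
        new Regex(@"\b(waitfor\s+delay|sleep\s*\(|benchmark\s*\()", RegexOptions.IgnoreCase) // time-based probes
    };
    // Returns the patterns that matched. The line is URL-decoded once first so that
    // %20 and + in the query string do not hide the keywords from the regexes.
    public static List<string> Matches(string line)
    {
        string decoded = Uri.UnescapeDataString(line.Replace("+", " "));
        List<string> hits = new List<string>();
        foreach (Regex p in Patterns)
        {
            if (p.IsMatch(decoded))
                hits.Add(p.ToString());
        }
        return hits;
    }
    // Constructed sample lines in the post's log format: URL, then decoded form fields.
    public static void Main()
    {
        string[] samples =
        {
            "http://example.invalid/contact.aspx name=Smith (Pty) Ltd",        // parentheses alone: ok
            "http://example.invalid/search.aspx?q=select+a+new+car ",          // plain English: ok
            "http://example.invalid/news.aspx?id=5%20union%20select%201,2,3 ", // SUSPECT
            "http://example.invalid/login.aspx user=admin' or '1'='1 pass=x"   // SUSPECT
        };
        foreach (string s in samples)
        {
            List<string> hits = Matches(s);
            Console.WriteLine("{0}: {1}", hits.Count > 0 ? "SUSPECT" : "ok", s);
        }
    }
}
```

In the page's control, Notify would call Matches(line) and email only when the returned list is non-empty, and the matched patterns make a useful subject line for the alert.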



