Does anyone have any insight regarding SQL injection involving a table name t_jiaozhu? Is this a new hack script or old? I am having a hard time finding any clear details other than ways to stop injection from happening. This I know, what I am trying to figure out is what damaged may have been caused (worse case) and what would be a good plan of attack to figure out what steps suceeded/failed.
A google search should show that SQL Injections is at least as old as ASP. The ways to stop SQL Injection attacks are:
1) check your inputs
2) use stored procedures, instead of dynamic SQL
3) check your inputs
4) use command objects with parameters, instead of just rs.open(qry).
5) check your inputs