I have website as Classic ASP as Front end and SQL Server 2005 as Back end.
But I am facing a very strange SQL injection on my back end.
Some type of CSS with HTML with spamming site is appending their code to my website database with each table and with each varchar type columns.
For e.g.
</title><style>.am1y{position:absolute;clip:rect(405px,auto,auto,405px);}</style><div class=am1y>same day <a href=http:
I Checked My IIS Log It shows me like this
2013-06-09 19:15:54 GET /mypage.asp%3C/title%3E%3Cstyle%3E.axo5{position:absolute;clip:rect(404px,auto,auto,404px);}%3C/style%3E%3Cdiv%20class=axo5%3Eapproval%20%3Ca%20href=http:/mazzpaydayloans.com%20%3Epayday%20loans%3C/a%3E%3C/div%3E - - 204.13.205.99 HTTP/1.1 Mozilla/4.0+(compatible;+MSIE+6.0;+Windows+NT+5.1;+SV1) loginfailure=chance=0&bantime=;+ASPSESSIONIDSSDRRCQQ=EDPHPJGCGLMKOADICKHODKBM - www.mysite.com 404 0 281 543 78
On my this selected ASP Page all SQL queries are parametrized.
But still this issue is persists.