Something/Someone Compromising Database -- Replacing Data With Javascript
May 19, 2008
Has anyone ever seen this code (I put the script tags in brackets so it would not get embedded in forum page)?
[script src=http://www.qiqigm.com/m.js][/script]
We have a number of MSDE 2000 databases running on a Windows 2003 SBS. These databases feed information to their respective websites. One of our databases (and on this one only) something or someone is somehow overwriting the text and varchar fields in all of the tables in the database and replacing it with the above or similar javascript. I've been a database developer and administrator for a long time and I have not a clue how this is being accomplished. When this code replaces our data, what ends up happening is 1) the virus detectors start going off the chart if you go to the site and 2) the script somehow appears to attempt to mimic the site its taken over.
When I do a search on qiqigm to see if anybody has had this problem before, really the results you get are pages and pages of sites that appear to be infected directly with the same bogus javascript code...and not a word about what it is or where its coming from. In our case, and it appears many others by looking, replacing the product description or title description or ordering information in the database causes the script to be written to the browser where otherwise the product/order information would be. This causes the script to run when the page is loaded. Since it overwrites the data in all fields in all tables, it assures itself that it will get displayed no matter what a user attempts to do on the site.
On this database, the only user that has access to the database is the IUSR_<domainadmin> account.
I restored this particular database a couple of days ago to an uninfected backup. I had done this before, but the script would eventually manifest itself again at some point. This time I have removed the ability to get to the product pages for now until we figure out the problem. This appears to be keeping the beast at bay. So far (2+ days), the database has remained in tact.
Anybody got a clue as to what it is I'm up against?
TIA,
Ray Jefferson
Database Whiz Consulting
2657 Windmill Pkwy #158
Henderson, NV 89074702-376-6955
View 8 Replies
ADVERTISEMENT
Oct 8, 2015
when prod db is restored in test server, i have to hide/replace sensitive fields (name, phone etc)Is it doable in SQL 2008 and SQL 2012?
View 5 Replies
View Related
Mar 5, 2008
I work on a copy of SQL Server Express on my desktop. After modifying and creating views and user defined functions, I would like to copy and paste them into the working database. Is there a method programmatically of doing this or must I copy and paste the t-sql language from the existing view to the new database--then save the new view on the working database?
View 6 Replies
View Related
Jan 12, 2008
Hello all
I need to fill javascript array from database on page load
I need your advice , any tutorial please ..
thank you
View 3 Replies
View Related
Mar 12, 2008
hi,
i have created a database where information on the web page is pulled out from the database. however i need to add javascript functionality to it. does anyone have any suggestions as to how i can achieve this and what is the best way to do it, eg, use dataview, gridview. if anyone thinks it would be easier for me to post up some of my code then i will upon request.
thanks for any help given, it is much needed
View 6 Replies
View Related
May 1, 2008
Greetings to all -
I am trying to enter the date fields from my form into a SQL 2005 db by way of Visual Basic. The VB parameters are as follows:
Protected Sub DataEntry_Btn_NewGig_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles DataEntry_Btn_NewData.Click Dim EnterData As New SqlDataSource() EnterData.ConnectionString = ConfigurationManager.ConnectionStrings("MyDB_ConnectionString").ToString EnterData.InsertCommandType = SqlDataSourceCommandType.Text EnterData.InsertCommand = "INSERT INTO Data(Name,ExpertiseID,Description,PONumber,StartDate,EstHours,HourlyRate)VALUES(@Name,@ExpertiseID,@Description,@PONumber,@StartDate,@EstHours,@HourlyRate)" EnterData.InsertParameters.Add("Name", TBox_Name.Text) EnterData.InsertParameters.Add("ExpertiseID", Drop_Expertise.SelectedValue) EnterData.InsertParameters.Add("Description", TBox_Description.Text)
...and so on...
All works well with data input into the ASP form using VB. The problem is, I'm using a Javascript date picker (calendar) to make it easier for users to input the date into the "StartDate" SQL column mentioned above. Do I want to use Javascript to enter this data, or VB? And, how do I write this code whether it is one or the other? I want to have all data entered with one button click event. Also, the code I am using for the calendar date picker is below:
<td><input type="text" name="date" id="f_date_a" readonly="readonly" />
<img src="img.gif" id="f_trigger_a" style="cursor: pointer; border: 1px solid blue;" title="Date selector" onmouseover="this.style.background='blue';"
onmouseout="this.style.background=''" alt="Click to Enter Date"/>
<script type="text/javascript">Calendar.setup({inputField : "f_date_a",ifFormat : "%B %e, %Y",button : "f_trigger_a",align : "TL",singleClick : true });
</script></td>
I apologize if this post is in the wrong forum; thanks to all in advance...
View 1 Replies
View Related
Feb 27, 2008
hi,
iam thinking of changing my ajax slideshow so that it gets the data from the databse. currently i am finding it hard to add text functianlity the way i want with the slide show.
what my query is, that if i to using a datalist can i add javasscript functionality to the data being retrived. for example, currently i have written some javascript so that a series of text is diplayed one after the other in a sequence from just one button click. so if im pulling data out of a databse can i still add this javascript functionality to it? i hope this makes sense, if it doesnt then i am willing to elaborate. please can any one offer any advice or examples or any suggestions on how i can do this. any help is much appricated as i am struggling to find a solution as i orinally wanted to be able to add this javascript functionality with the play button of the slide show but i couldnt find a solution.also i think its better to use some kind of database as i can use the editing funtions visual web developer offers
thank you
View 2 Replies
View Related
Apr 2, 2008
Can anyone help with the proper syntax to use to populate a JavaScript array using values from an SQL database.
I tried doing the following with no results:
Dim sql,Rs1
sql = ""
sql = sql & "SELECT EmpNumber FROM EmpFile "
Set Rs1 = Server.CreateObject("ADODB.Recordset")
Rs1.Open sql, DecryptedText(TheFile,"ConSQL"), 3
%>
<script language="JavaScript">
EmpNumber=new Array(<%=Rs1("EmpNumber")%>);
</script>
View 1 Replies
View Related
Jan 1, 2008
I have a SQL Server 2000 database that had its data corrupted. Any text field, usually varchar(50) or greater, had most of its text replaced with a script HTML tag pointing to a w.js file on rnmb.net. I think the update came in through a website because only one of the databases on the server had its data corrupted. Has anyone heard of this before? I can't find any information on this corruption on the internet because when I do a search for the exact script, it returns other websites that have been corrupted by it.
View 1 Replies
View Related
Dec 20, 2007
hi ,
i am using sql server reporting services 2005.
When ever report is blank it gives me javascript error. In IE on bottom left it shows js error icon. Details of error are
Line: 13
Char: 692
error: Object Required
Code: 0
kindly guide me ...
thanks
Vishruti
View 6 Replies
View Related
Mar 4, 2008
I am new to ASP.NET. At present i am developing a web application in which i need to insert data in database(MS SQL 2005) from a form which uses only HTML controls. I need to use HTML controls so posting of form to the server is not done and hence i need to generate HTML controls using javascript. So the data in the form must be stored in the database. How this data can be inserted in the database is the problem and i think that javascript might be the solution for it.
Sagar
View 3 Replies
View Related
Feb 14, 2008
I have a report with a fixed header that works properly when the query returns results (or fixedheader = false). However, when the result set is empty, I get tenacious client-side "object required" errors. Obviously I can either turn the fixedheaders off or disable debugging in IE, but is there a Microsoft fix for this problem?
View 1 Replies
View Related
Aug 23, 2005
Hi friends
I have a database where i need to replace with a new version of the same one.
Can anyone suggest the best possible and reliable way of doing that
regards
Vic
Vicky
View 3 Replies
View Related
Sep 4, 2005
Need to update data from one table with data from another table.
I'm very, very new to MS SQL Server
I have the following two tables.
First table
tblEmp
Field - empno
Second table
tbltemp
Field - oldempno
Field - newempno
tblemp.empno = tbltemp.oldemno
I need to replace the data in tblEmp.empno with tbltemp.newempno where tblemp.empno = tbltemp.oldempo.
Thank you.
View 1 Replies
View Related
Jun 26, 2001
Hi, and tanks for taking time to read this question. I am still a novice at SQL (Server 2000)programming.
Is there a way to replace the contents of a column of a table derivied from SELECT and WHERE statements?
For example,
SELECT * FROM table1
WHERE column1 = 'text'
and replace 'text' with say, 'newtext'
Any help would be appreciated!
Regards,
Chandran
View 5 Replies
View Related
Oct 9, 2006
hi.
I have to update a column with new data. I have to replace the values that lay with a certain range. for example
my table has a column called ENI_KEYVALUE1, I have to update the data in this column only where the ENI_KEYVALUE1 is between P6_00001 and P6_00240. The values have to be replaced with values listed sequencially in an excel spreadsheet.
how do I do this???
thanks in advance
View 2 Replies
View Related
Feb 14, 2008
i have following problem: i need to import csv data into a ole db destination. on colum in the csv file is a 'external' customer number but in the destination table there must be an 'internal' customer number. of course there's a table where the mappings between external and internal customer number are defined, but this tables is located on another server. So i have no idea how to solve this problem ... maybe because i'm pretty new to ssis
thanks a lot
View 13 Replies
View Related
Mar 24, 2014
I run this code:
SELECT
Gruppo_Assegnatario,
[100] as stato1, [101] as stato2, [102] as stato3
FROM
(
select
[Code] ...
That extracts only zeros (columns "stato1", "stato2", "stato3"):
Gruppo_Assegnatariostato1stato2stato3
SDB_BE Vita Antiriciclaggio0 00
SDB_BE Vita Assistenza clienti000
SDB_BE Vita Emissione000
SDB_BE Vita Gestione Rendite000
SDB_BE Vita Liquidazioni000
[Code] ....
Unlike the "SourceTable":
select
CASE_ID_,
Stato,
Gruppo_Assegnatario
FROM TicketInevasiPerGruppoEStato
extracts
CASE_ID_ Stato Gruppo_Assegnatario
HD0000003736734 AssegnatoSDB_GBS Variazione
HD0000003736739 AssegnatoSDB_GBS Variazione
HD0000003736743 AssegnatoSDB_GBS Variazione
HD0000003736783 AssegnatoSDB_GBS Variazione
HD0000003736806 SospesoSDB_BE Vita Selezione
[Code] ....
How can I get the right count in the first data mining replacing the zeros (columns "stato1", "stato2", "stato3")?
View 5 Replies
View Related
Jul 20, 2005
Hi;I am trying to write a rountine ( below ) that will go into a colum oftext data type ( fae.pmcommnt ) locate the word "to" and replace it.I have the routine below. I get no error messages, but it also seemsto do nothing :).Any clues would be greatly appreciated.ThanksSteve================================================== =============declare @ptrP intSELECT @ptrP = PATINDEX('%to%', pmcommnt)from fae where projid ='00013'declare @ptrPC binary(16)select @ptrPC = TEXTPTR(pmcommnt)from faeif( TEXTVALID ('fae.pmcommnt', @ptrPC ) > 0 )print 'works'print @ptrPUPDATETEXT fae.pmcommnt @ptrPC @ptrP 2 'JJ'select projid, pmcommnt from fae
View 2 Replies
View Related
Nov 1, 2006
Hi
I am new to SSIS and have the following problem. I used the following script to clear data in columns of any CR/LF/Commas and char(0)'s. Can I just transfer this to SSIS and how exactly do I do that? Any help or advice would help.
Function Main()
Dim x
For x=1 to DTSSource.count
If Isnull(DTSSource(x)) = False Then
DTSDestination(x) = replace(replace(replace(Replace(DTSSource(x) , chr(13),""),chr(10),""),chr(0),""),","," ")
Else
DTSDestination(x) = DTSSource(x)
End If
Next
Main = DTSTransformStat_OK
End Function
Andre
View 8 Replies
View Related
Jul 5, 2002
I am new, but am good at javascript.Can one use SQL in javescript, that is, to create good html forms whose buttons are linked to SQL datebases?
View 1 Replies
View Related
Jan 4, 2007
Hello everyone,
I am trying to implement two list boxes such that contents of one depends on selection in the other w/o reloading the page. I am using SqlDataSource object to retrieve data from SQL DB. When I am trying to write javascript for listbox population I run into an issue of not knowing which properties I have access to for SqlDataSource object. I need to know how many rows of information is there in the object and how to access that data. Can anyone advise on how would I do that, or direct me to a website that has a list of avalable properties?
Thank you!
View 3 Replies
View Related
Oct 19, 2001
I would like to know if someone has any idea on how to make a "<select></select>" tag hidden. for a textbox it's simply:
<input type="hidden" id="textCustom2" name="textCustom2" value>.
Is there such a thing for options? a javascript perharps?
thanks.
View 1 Replies
View Related
Oct 23, 2007
Hi, I am trying to link to a page outside of reporting services from a report. I am using SQL Server 2005 Reporting Services [Standard Edition]. The hyperlink works if it is a straight URL, however, nothing happens if I modify it to use Javascript so I can open the link in a new window. I have found many posts on the web from others indicating it should be really easy, but I can not get the link to recognize ANY Javascript (also tried a basic alert with no luck).
The Javascript I am using is well formatted. I can place it into a test page and it runs fine. I can also RC and View Source on my report, grab the entire link, put it in a test page and it works fine. It just doesn't work from the report - ?
Any ideas?
Thanks in advance,
Francine
View 3 Replies
View Related
Jul 12, 2007
Hi everybody,
I need to get the value of the ShowParametersPrompt property of the ReportViewer control.
This Reporting Services control is used in an asp.net 2.0 page.
With javascript I want to change the height of some elements of the page and this accordign to the height of the report viewer.
Can anybody help me to get the value of some properties of this control?
thanks in advance!!
best regards
Filip De Backer
View 4 Replies
View Related
Jul 26, 2004
I am well stuck in the mud right now.
Here is the problem. I am trying to write this: strLink2 = "<a href='JavaScript:OpenFile(" & strFileName & ")'>" & strFileName & "</a>" to SQL and then return it to a datagrid when I want it.
Easy enough, and as such all is well except for the fact that the Javascript doesn't work. In the grid it gets written as JavaScript:OpenFile(myfile). I need to add the single quotes around the file name so it writes JavaScript:Open('myfile').
I now know many ways that do not work. Any help would be greatly appreciated.
View 5 Replies
View Related
Mar 21, 2008
I need to dispaly 'mm/dd/yyyy' on a text box(aspx page) by default.
When the user enters the date(only numerics) in the text box it should take the date in that order.
eg.. if the user enters 01012008 on that text box, it should display 01/01/2008, adding '/' by itself.
if the user enters 12312008 on that text box, it should display 12/31/2008, adding '/' by itself.
I am having tuff time,Can anyone, please provide the code for this solution.
View 1 Replies
View Related
Jan 8, 2007
I found an article on connecting SQL server using JavaScript. http://www.devarticles.com/c/a/JavaScript/Combining-North-Pole-with-South-Pole-JavaScript-with-SQL-Server-2000/
Do you people think it's possible? i try out the code already but something wrong with it. I just copy and paste it to a html file but it comes out with error. Do I miss out something? Thanks.
SY Tee
View 3 Replies
View Related
Oct 18, 2007
Hi All.
So what I'm trying to do is open a new report in a new window(which I can already do) and keep that new window above all other windows.
Here is the code I'm using to open the new window.
javascript:void window.open('http://reportserver2/ReportServer/Primavera/?%2fprimavera%2fcustom+reports%2fIT%2fUnder+Review+Rup+Commitment+IT+Artifacts+subreport&rc:Toolbar=False&rs:Command=Render&pickITDeliveryOID=" & Fields!OID.Value & "', 'Test', 'location=0, menubar=0, toolbar=0, resizable=0, width=450, height=200')
It works great. I'm able to open the window and target links back to the same open window. But what I can't do is keep that window on top above all of the other windows. That is without closing the newly opened window and reclicking another link.
Is there someway for me to set the focus to the newly opened window so it will always remain above all other windows? I know this can be done with javascript(Code below would do the trick) but I'm just not sure how to incorporate the scripts into reporting service.
var newwindow;
function windowopen(url)
{
newwindow=window.open(url,'name','height=400,width=200');
if (window.focus) {newwindow.focus()}
}
<a href="javascript:windowopen('poppedexample.html');">Pop it</a>
Any help would be greatly appreciated
Thanks
View 1 Replies
View Related
Jan 31, 2008
I'm using reporting services actions to execute some javascript. My javascript is quite complicated. Thus I don't want to duplicated it on each item. I've created javascript function and wan't to execute it from actions. But I can't find the way how to include my javascript code into my reports. If there's way to include it for all reports generated on reporting services server - it works fine for me.
Thanks in advance!
View 3 Replies
View Related
Apr 20, 2006
Hi,
i have a problem with the rs 2005, using url access to call a report:
---------------------------
Error
---------------------------
Error: 'RSClientController' is undefined
Calling a report from the reportmanager works. The rs2005 runs on a machine with a parallel installed rs2000.
I configured the virtual directory to machinename/reports2005 & machinename/reportserver2005.
When i debug the clientscript i see that he requests a "/ReportServer2005/Reserved.ReportViewerWebControl.axd?OpType=Resource&Version=9.00.1399.00&Name=Scripts.ReportViewer.js" and it seems that he doesn't get the jscript file.
I tried the solution with the axd-mapping, which an user posted here before but it didn't worked for me.
any other suggestions?
View 22 Replies
View Related
Mar 31, 2006
Hello-
I have developed a number of reports on Win XP with VS2005. They run on our development server, which is running Windows Server 2003 32-bit. I then deploy these reports on our production server, which is running Windows Server 2003 64-bit edition.
Accessing any of the reports from Report Manager results in javascript errors, such as 'Line 41 Error: 'RSClientController' is undefined'
I get these errors also when invoking these reports through a form post.
It appears that some javascript code generated by the report server is missing. Could this be a 32-bit vs 64-bit issue? Report Manager seems to work fine; it is only when I run a report that I have this problem. This is the first time I've tried to deploy reports to this server.
Thanks.
View 13 Replies
View Related
Dec 4, 2007
I've been trying to find a solution to adding javascript and/or HTML to a report (not reportviewer). After a search I found that you can add javascript to a textbox under action properties and it works fine. Is there a way to add custom code anywhere on the page.
The problem is the charts that come with SRS is limited so I'd like to add my own. I'd also like to add some ajax functionality as well. I know it's possible because a company called Dundas is doing it but not exactly sure how they implemented it. We considered Dundas but they are just too expensive for the solution we need.
Any help would be much appreciated.
View 8 Replies
View Related