

October 15, 2009  |  Foiled attack

Earlier today, someone left the following "comment" on an entry in the blog:

<% foreach (var x in ConfigurationManager.ConnectionStrings){%><%= x.ToString() + "<br />" %><% } %>

This is an attempt, obviously, to get connection information about any and all databases that the blog has access to.

In this particular case, the attack was not successful because I encode stuff in comments, so it was just passed through as text. I sure hope that I've anticipated other, relatively straightforward attacks of a similar nature. But as we know, hackers are wily. And I am not particularly so, alas.
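An added example, not this blog's own code: one way comment text can be HTML-encoded at output time so that the submission above is displayed as literal text. The class and method names are hypothetical, and System.Net.WebUtility is assumed to be available (.NET 4.0 or later).

```csharp
using System;
using System.Net;

// Hypothetical helper, added for illustration; not taken from the blog engine.
public static class CommentRenderer
{
    // Returns markup that is safe to write into the HTML body of a page.
    public static string RenderComment(string rawComment)
    {
        if (string.IsNullOrEmpty(rawComment))
        {
            return string.Empty;
        }

        // Normalise line endings so the later replacement sees only "\n".
        string normalised = rawComment.Replace("\r\n", "\n").Replace('\r', '\n');

        // Encode first: <, >, &, " and ' become character references, so
        // nothing the commenter typed can open a tag or an attribute.
        string encoded = WebUtility.HtmlEncode(normalised);

        // Only after encoding, add the one piece of markup the site controls.
        // Doing this before encoding would turn the site's own <br /> into text.
        return encoded.Replace("\n", "<br />");
    }

    public static void Main()
    {
        // The submitted comment quoted in the post, followed by a constructed
        // second line to show the line-break handling.
        string submitted =
            @"<% foreach (var x in ConfigurationManager.ConnectionStrings){%>" +
            @"<%= x.ToString() + ""<br />"" %><% } %>" +
            "\nsecond line of the comment";

        string rendered = RenderComment(submitted);
        Console.WriteLine(rendered);

        // The raw delimiters must not survive into the page.
        Console.WriteLine("Contains raw \"<%\": " + rendered.Contains("<%"));
    }
}
```

The encoding is applied where the comment is written into the page, so the stored comment stays exactly as submitted and every page that displays it has to go through the same helper.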

It goes to show that no matter how trivial your site, someone is interested in hacking it. Security: It's not just for commercial web sites.