Foiled attack - mike's web log

About

I'm Mike Pope. I live in the Seattle area. I've been a technical writer and editor for over 30 years. I'm interested in software, language, music, movies, books, motorcycles, travel, and ... well, lots of stuff.

Read more ...

Blog Search

(Supports AND)

Include comments

Google Ads

Feed

Subscribe to the RSS feed for this blog.

See this post for info on full versus truncated feeds.

Quote

goodnight you cats
Now is the time for all good cats to go to sleep
there are things to do tomorrow
And you can do them then
but now its time to sleep
and you can dream

— martha the cat

[ view all quotations ]

Navigation

[ home ]

March 2023

25 Most-Visited Entries

1. THE most basic way to implement ASP.NET Razor security
2. Rendering HTML as HTML in Razor
3. Fun (or not) with noun stacks
4. Custom bi-directional sorting in GridView
5. Using the confirmation feature for ASP.NET Web Pages security
6. RSS feed truncation: reader's choice
7. DropDownList in a FormView control
8. Changing the headlight on a 2010 Honda Shadow Phantom
9. System.Net.Mail and embedded images
10. Constructing site URLs in ASP.NET Razor
11. When in English, do like English
12. Dialog boxes and security
13. Moving a website in WebMatrix
14. ASP.NET Razor Chart helper: What chart types can you use?
15. Updated validation in Web Pages v2
16. Finding the right trousers
17. Blog update: Added a Facebook Like button
18. Anniversaries in IT
19. Blog feed fixed, oops
20. Dude, where's my Razor API ref?
21. Moving the blog
22. Blog move successful (?)
23. WebMatrix Beta 2 tip: why can't I use helpers?
24. Documenting ASP.NET Razor
25. ASP.NET Calendar Questions: a pop-up calendar

Categories

RSS
RSS aspnet
RSS blog
RSS books
RSS editing
RSS family
RSS Friday words
RSS FridayFun
RSS funny
RSS general
RSS history
RSS house
RSS language
RSS motorcycles
RSS movies
RSS MS Word
RSS music
RSS personal
RSS politics
RSS readings
RSS roundup
RSS seattle
RSS teaching
RSS technology
RSS travel
RSS ukulele
RSS webmatrix
RSS whidbey
RSS work
RSS writing

Contact Me

Email me

Blog Statistics

Dates
First entry - 6/27/2003
Most recent entry - 2/21/2023

Totals
Posts - 2642
Comments - 2655
Hits - 2,551,646

Averages
Entries/day - 0.37
Comments/entry - 1.00
Hits/day - 354

Updated every 30 minutes. Last: 3:21 PM Pacific

Foiled attack

Thursday, 15 October 2009 02:07 PM

Earlier today, someone left the following "comment" on an entry in the blog:

<% foreach (var x in ConfigurationManager.ConnectionStrings){%><%= x.ToString() + "<br />" %><% } %>

This is an attempt, obviously, to get connection information about any and all databases that the blog has access to.

In this particular case, the attack was not successful because I encode stuff in comments, so it was just passed through as text. I sure hope that I've anticipated other, relatively straightforward attacks of a similar nature. But as we know, hackers are wily. And I am not particularly so, alas.

It goes to show that no matter how trivial your site, someone is interested in hacking it. Security: It's not just for commercial web sites.

[categories] blog, aspnet

~~comment~~ | link