1. Original Entry + Comments2. Write a Comment3. Preview Comment
New comments for this entry are disabled.


October 15, 2009  |  Foiled attack  |  7721 hit(s)

Earlier today, someone left the following "comment" on an entry in the blog:

<% foreach (var x in ConfigurationManager.ConnectionStrings){%><%= x.ToString() + "<br />" %><% } %>

This is an attempt, obviously, to get connection information about any and all databases that the blog has access to.

In this particular case, the attack was not successful because I encode stuff in comments, so it was just passed through as text. I sure hope that I've anticipated other, relatively straightforward attacks of a similar nature. But as we know, hackers are wily. And I am not particularly so, alas.

It goes to show that no matter how trivial your site, someone is interested in hacking it. Security: It's not just for commercial web sites.