Sunday, February 19, 2012

Can a SQL Server database be accessed without having to log onto the server?

One of my clients' websites got hacked into, and the web application that I created for them is now disabled/blocked externally. Only internally, within their business, are they able to access it. The person maintaining the server says a hacker went straight to the database without having to log onto the server. The person maintaining the server is blaming my web application, which no one has access to view except internally within the client's work location.

Is this possible if the server is secure?

Both scenarios are possible. The hacker might have gotten access to your database, or got in through your app via a SQL injection attack. Do you use parameterized queries in your application?

|||

The queries are within the code-behind page; I didn't use stored procedures. But yes, they are parameterized queries. How can a hacker access a database without logging onto the database? Also, how can a hacker do a SQL injection when all administrative webpages (within the "admin" folder) are disabled/blocked to all external users? Only the website is shown to external users, and internal users are allowed to view the administrative webpages. Sorry if I didn't explain everything. For example, when accessing www.mywebsite.com/admin, it would show...

You are not authorized to view this page

The Web server you are attempting to reach has a list of IP addresses that are not allowed to access the Web site, and the IP address of your browsing computer is on this list.

Please try the following:

Contact the Web site administrator if you believe you should be able to view this directory or page.

|||

It's very well possible. Do a Google search for "SQL Injection attack".
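To make the two answers above concrete, here is an added example that is not part of the original thread or the poster's application. It models the situation the thread describes: an IP restriction on /admin (like the IIS message quoted above) and a public search page on the same site. The search page is written two ways, with the user's input concatenated into the SQL text and with a parameterized query. Everything is constructed for illustration: the schema, the product and admin_users tables, the sample rows, the internal address range, and the use of an in-memory SQLite database as a stand-in for SQL Server (the injection mechanics are the same; only the driver and placeholder syntax differ).

```python
"""
Added example (not from the original thread): why blocking /admin by IP does not
stop SQL injection through a public page. Uses sqlite3 as a stand-in for the
client's SQL Server. All data below is constructed sample data.
"""
import sqlite3

# Constructed sample schema: a public product table and an admin-only user table
# that the public site never intends to expose.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
CREATE TABLE admin_users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
INSERT INTO products VALUES (1, 'widget', 9.99), (2, 'gadget', 19.99);
INSERT INTO admin_users VALUES (1, 'admin', 'sha1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8');
"""

# Assumption for the example: the client's internal office range.
INTERNAL_NET = "192.168.1."


def fresh_db():
    """Build the constructed sample database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_concat(conn, term):
    """Vulnerable shape: the search term is pasted into the SQL text, so the
    database parses whatever the user typed as part of the statement."""
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_param(conn, term):
    """Parameterized shape: the term travels as a value bound to the '?'
    placeholder (SQL Server drivers use @name), never as SQL syntax."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# A payload typed into the public search box. It closes the LIKE string, appends
# a UNION that reads the admin table, and comments out the rest of the query.
PAYLOAD = "x%' UNION SELECT username, password_hash FROM admin_users -- "


def handle_request(conn, path, query, client_ip):
    """Toy front end mirroring the thread's setup: /admin is refused (403) for
    addresses outside INTERNAL_NET, while /search is reachable by anyone and
    runs the concatenated query. Returns (status, rows)."""
    if path.startswith("/admin") and not client_ip.startswith(INTERNAL_NET):
        return 403, []
    if path == "/search":
        return 200, search_concat(conn, query)
    return 404, []


if __name__ == "__main__":
    db = fresh_db()
    external_ip = "203.0.113.5"
    # The IP rule works exactly as the quoted IIS message says...
    print(handle_request(db, "/admin", "", external_ip))
    # ...but the public page hands the database straight to the attacker.
    print(handle_request(db, "/search", PAYLOAD, external_ip))
    # The same payload bound as a parameter is just a string nobody's product name matches.
    print(search_param(db, PAYLOAD))
```

The point for the thread: the IP block only decides who may request pages under /admin. It says nothing about what the publicly reachable pages do with the input they receive, and a single concatenated query anywhere on the public site is enough to reach every table the application's database login can read. Checking that every query on the public pages binds its inputs, as the first answer asks, is therefore the right first question, regardless of how the admin folder is protected.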
