'Insurance' Code injection attack

  • Thread starter Thread starter Sati
  • Start date Start date
S

Sati

Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection
seems to be occurring after the pre-render event.


Thanks in advance.
 
Sati said:
Hi All,
Does anyone know how to clean a asp application from a
virus that converts labels with the word 'Insurance' into
link button to a web page. It also injects text in the
textbox when the textbox.text has any reference to
this 'insurance' word.

I am using custom controls on custom page. This injection
seems to be occurring after the pre-render event.
Click to expand...

Download SpyBot S&D and perhaps even HackThis! as it sounds more like you
have a spybot of some sort active.
 
Thanks.. and yes, the page gets the data from SQL server
2000. And no, its not from the Database or even the Web
server. Its local to the client browser and seems to be in
the IE browser.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on the client machine.

Seems like a BIG security Flaw in IE.
 
sati said:
Thanks.. and yes, the page gets the data from SQL server
2000. And no, its not from the Database or even the Web
server. Its local to the client browser and seems to be in
the IE browser.

Even in the client machine, if we look at the html source
code, this injection code does not exist. If this is true
than I have no way of knowing how the page is getting
rendered on the client machine.

Seems like a BIG security Flaw in IE.
Click to expand...

If it is a security flaw in IE, then you seem to be the first to find it.
 
It sounds like that machine or the proxy server has a bad version cached.

If you clear the cache and tell IE to get a new page every time does it fix
it?
 
Back
Top