sql injection in IIS

Jul 6, 2008 at 11:03 PM
Hello,

My server is affected by sql injection.

After investigate two days and stop application to avoid current SQL injection, we found following string used by Asprox botnet:

DECLARE%20VARCHAR(4000));EXEC(@S);

In following link you can see info about it and a patch for Cisco Software: http://tools.cisco.com/security/center/viewIpsSignature.x?signatureId=6964&signatureSubId=0&softwareVersion=6.0&releaseVersion=S342.


Please help

Thanks,
Chris Harris