Closed

Fixing the MS Access injection hacking

This project was awarded to shawnburt for $85 USD.

Get free quotes for a project like this
Employer working
Awarded to:
Project Budget
$30 - $100 USD
Total Bids
19
Project Description

Our web site is based on [url removed, login to view] amd is running on a shared hosted server that is an IIS server. The database we use is MS Access.

Recently, we have had some hacking attacks on our web site where the all the data that can be accessed from web pages into the database is overwritten by the hacker. They were not able to overwrite things like Members llist that is not accessible from the web pages (or maybe they could access but did not overwrite them).



After reading on internet, my best guess is that this is a sort of "SQL injection hacking" technique where they add some query at the end of our SQL query and run their malicious code to get write access to the database.



I need someone who is experienced with this and can lok at the code and fix the security loop hole. I know that for an experienced person, this is a very small project. BTW, our web site has total of 8-10 pages and most probably, the fixes will only be in one file that opens the access to database.

If you are an expert in this field - please email us with further questions.

Thanks
Abhay


## Deliverables

1) Complete and fully-functional working program(s) in executable form as well as complete source code of all work done.


2) Deliverables must be in ready-to-run condition, as follows (depending on the nature of the deliverables):
a) For web sites or other server-side deliverables intended to only ever exist in one place in the Buyer's environment--Deliverables must be installed by the Seller in ready-to-run condition in the Buyer's environment.
b) For all others including desktop software or software the buyer intends to distribute: A software installation package that will install the software in ready-to-run condition on the platform(s) specified in this bid request.
3) All deliverables will be considered "work made for hire" under U.S. Copyright law. Buyer will receive exclusive and complete copyrights to all work purchased. (No GPL, GNU, 3rd party components, etc. unless all copyright ramifications are explained AND AGREED TO by the buyer on the site per the coder's Seller Legal Agreement).

## Platform

[url removed, login to view] web site running on an IIS server.


Using MS Access database.

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online