At 03:15 PM 8/28/2007, Kamil Srot wrote:
>Andrew, Alvaro... well, sure SQL injection is possibility I cannot
>ignore... (and sure as "dad" of this
>application, I think it's not the case :-) ... just kidding...
>As even the injected SQL will be shown in the logs, so we'll know
>more after some time. It's too much
>issues of the same type to thing, it'll not appear anymore.
>
>I'm really interested in what is the problem not only from
>proffesional point of view...
If it's SQL injection via a webserver app, and you have _already_
logged http requests in sufficient detail you could try to look for a
"drop" in them or variations of escaped versions of it e.g.
..%44%52%4f%50... %64%52o%70 at about the time you think the incident happened.
Of course it could just be someone had db access and sent the drop command.
Regards,
Link.