All of a sudden, you realize that something’s wrong with your database objects. Some stored procedures are missing, functions are still there but don’t work as expected because their code appears to have been altered, and some triggers have been created and are firing, which adds to the chaos you’re in.
After the initial shock, you start investigating. Don’t rule out a SQL injection attack, as it’s one of the most common web application security issues.
To find out more about SQL injection attacks, see: Checklist for suspicious activity on the SQL Server
ApexSQL Log is an auditing and recovery tool for SQL Server databases which reads transaction logs, transaction log backups, detached transaction logs and database backups, and audits, reverts or replays data and object changes that have affected the database, including the ones that have occurred before the product was installed.
To recover objects that were deleted in a SQL injection attack, use ApexSQL Log
- Start ApexSQL Log
- Connect to the database
- If you have any transaction log backups and/or detached transaction logs made before the SQL injection occurred:
  - To add transaction log backups or detached transaction logs, click the “Add” button
  - Select the needed transaction log backups or detached transaction logs and click “Next”
- Use the “Time range” filter on the “Filter” tab to narrow down the recovery to the time when the SQL injection occurred
- On the “Operations” filter tab, unselect all Data operations (DML) to skip auditing the data changes (inserts, updates and deletes). If you can tell which object types have been tampered with, check only the specific Schema operations (DDL). If not, check all schema operations
- If applicable, use other available filters to narrow down the results
- To create the Undo script:
- Execute the script against the database
After the Undo script is executed, the object changes will be rolled back and the original objects will be back in the database. All objects added by the SQL injection attack will be removed.
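Choosing the “Time range” and the Schema operations (DDL) to check is easier with a rough picture of when objects changed and what kind they were. The T-SQL below is an added example, not part of ApexSQL Log or the original article; it assumes the SQL Server default trace is still enabled, that its files have not yet rolled over past the incident, a Windows-style trace path, and a 7-day look-back window chosen only for illustration.

```sql
-- Added example: run in the affected database. The 7-day window is an assumption.
DECLARE @since datetime = DATEADD(DAY, -7, GETDATE());
DECLARE @trace_path nvarchar(260);

-- Point at the base default trace file (log.trc) so rollover files are read too.
SELECT @trace_path =
       REVERSE(SUBSTRING(REVERSE(path), CHARINDEX(N'\', REVERSE(path)), 260)) + N'log.trc'
FROM sys.traces
WHERE is_default = 1;            -- no row means the default trace is disabled

-- 1) Committed DDL recorded by the default trace, including dropped objects
--    that no longer appear in sys.objects.
IF @trace_path IS NOT NULL
    SELECT t.StartTime,
           te.name AS event_name,       -- Object:Created / Object:Deleted / Object:Altered
           t.ObjectName,
           t.ObjectType,                -- numeric object type code from the trace
           t.LoginName,
           t.HostName,
           t.ApplicationName
    FROM sys.fn_trace_gettable(@trace_path, DEFAULT) AS t
    JOIN sys.trace_events AS te
         ON te.trace_event_id = t.EventClass
    WHERE t.EventClass IN (46, 47, 164) -- created, deleted, altered
      AND t.EventSubClass = 1           -- 1 = Commit (0 = Begin, 2 = Rollback)
      AND t.DatabaseName = DB_NAME()
      AND t.StartTime >= @since
    ORDER BY t.StartTime;

-- 2) Objects that still exist and were created or altered inside the window.
SELECT SCHEMA_NAME(o.schema_id) AS schema_name,
       o.name,
       o.type_desc,                     -- e.g. SQL_STORED_PROCEDURE, SQL_TRIGGER
       o.create_date,
       o.modify_date
FROM sys.objects AS o
WHERE o.is_ms_shipped = 0
  AND (o.create_date >= @since OR o.modify_date >= @since)
ORDER BY o.modify_date;
```

The earliest and latest timestamps returned give a starting point for the time range, and the event names and `type_desc` values show which object types were touched.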
Even if it looks like the worst-case scenario, it doesn’t have to be. ApexSQL Log can help you recover your objects to their original state.
April 4, 2013