Clarification on IIS reported sql-injection exploits

My post will not get as much press as Slashdot, but here is some postings from sources at MS, including Bill Staples on the SQL Injection attacks that help clarify things.

Here is a post on about this topic

For those who want to use Log parser to detect in your IISLogs if you’ve been hit, here are a few log parser examples.

‘This will find all webpages that had sql injection.  You can change the wording between the %% to look for a different string
logparser -i:iisw3c “select date,time,cs-uri-stem,cs-uri-query from <> where cs-uri-query like ‘%CAST%’” -o:csv

‘This will give you the first time your site was hit, if applicable. 
logparser -i:iisw3c “select date,time,cs-uri-stem,cs-uri-query from <> where cs-uri-query like ‘%1.js%’” -o:csv

‘Download Log Parser 2.2

Hope this helps,

Steve Schofield
Microsoft MVP – IIS

Script to pull Windows Server 2008 servers AD and log to a text file

Here is a script to pull all Windows Server 2008 servers out of your Active Directory and log to a text file.  Just change the LDAP string.

Set fso = Wscript.CreateObject(“Scripting.FileSystemObject”)
Set objConnection = CreateObject(“ADODB.Connection”)
Set objCommand = CreateObject(“ADODB.Command”)
objConnection.Provider = “ADsDSOObject”
objConnection.Open “Active Directory Provider”

Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
    “SELECT Name FROM ‘LDAP://DC=example,DC=com’ WHERE objectClass=’computer’ ” & _
        “and operatingSystemVersion = ‘6.0 (6001)’” 
objCommand.Properties(“Page Size”) = 1000
objCommand.Properties(“Searchscope”) = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    Wscript.Echo “Computer Name: ” & objRecordSet.Fields(“Name”).Value
    LogInfo objRecordSet.Fields(“Name”).Value

set objCommand = Nothing
set objRecordset = Nothing
set objConnection = Nothing

‘ —————————————————————————————
‘ |                                 Loginfo     |
‘ —————————————————————————————

Sub LogInfo(strResult)
 dim objFile, fso2
 objFile = “output.txt”
 If fso.FileExists(objFile) Then
  Set objFile = fso.OpenTextFile(objFile, 8)
  objFile.WriteLine strResult
  Set objFile = fso.CreateTextFile(objFile, True)
  objFile.WriteLine strResult
 End If
End Sub


IIS7 – post #65 – IIS Manager extensibility experiences

I’m attempting to write a plugin for the product I developed to handle IIS and related log files.   Right now, the way you manage IISLogs is using a Winforms application or updating the config file directly.   Microsoft has made it so you can extend IIS Manager.  The winforms tool that you use to manage IIS 7.0.  While I’m still in the research phase, I wanted to pass along a couple links and one bit of advice.  I must say, once I get all the moving pieces down, this should be pretty neat.  I have no timeline for when the tool will be done, but I’m betting it’ll be an adventure.  Stay tuned.

Here are a couple articles on IIS 7 extensibility

One tip to pass along from Thomas Deml

When adding your declaration in %windir%system32inetsrvconfigadministration.config.  Make sure to format it like 
“type=”<namespace>.<classname>,<assemblyname> …”

Here is an example
<add name=”imageCopyrightUI” type=”IIS7Demos.imageCopyrightUIProvider, IIS7Demos, Version=, Culture=neutral, PublicKeyToken=3fd9bd5e992ee757″/>

The namespace and file name would be IIS7Demos.  The class name would be imageCopyrightUIProvider

For those looking for further assistance about IIS 7.0 extensibility, check out the forum at


Steve Schofield
Microsoft MVP – IIS