Friday, July 18, 2008

DBCC LOG

There is an undocumented command for examining the SQL Server transaction log file in versions 7.0 and 2000.

To use it: DBCC log(dbname|dbid, [type=-1|0|1|2|3|4])

The meaning of type is:

-1: same as 4, plus a hex dump of log row info, checkpoint begin, DB version, and Max XDESID

0 to 4: the higher the value, the more information about the transaction is retrieved. The default value is 0.

Thursday, July 17, 2008

How to extract msi content?

 

From the Windows command line, MSI content can be extracted using the msiexec command.

Running C:\>msiexec on its own brings up a Windows Installer window showing the syntax of msiexec. To actually extract the content:

msiexec /a msifile /qb TARGETDIR=outfolder

SQL Injection

Microsoft published a security advisory (954462) on June 24, 2008 warning about the rising occurrence of SQL injection attacks. "These SQL injection attacks do not exploit a specific software vulnerability, but instead target Web sites that do not follow secure coding practices for accessing and manipulating data stored in a relational database."

This morning, I found out that one of our databases was subjected to this issue, which caused the web site to fail to launch. We have to restore the data from backup.

One useful tool (also suggested in the security advisory) is HP Scrawlr, which helps web site administrators detect SQL injection vulnerabilities.
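To make the advisory's point about secure coding practices concrete, here is an added example (not from the advisory or from the affected site) that runs the same lookup twice: once by pasting the request value into the SQL text, once with a bound parameter. It assumes an in-memory SQLite database standing in for SQL Server; the table, rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)"
    )
    db.executemany(
        "INSERT INTO articles (owner, title) VALUES (?, ?)",
        [
            ("alice", "Release notes"),
            ("bob", "Draft budget"),
            ("o'brien", "Travel plan"),
        ],
    )
    return db


def titles_concatenated(db, owner):
    """Insecure pattern: the request value is pasted into the SQL text,
    so quote characters in it become part of the statement."""
    sql = "SELECT title FROM articles WHERE owner = '" + owner + "' ORDER BY id"
    return [row[0] for row in db.execute(sql)]


def titles_parameterized(db, owner):
    """Secure pattern: the SQL text is constant and the value is bound
    separately, so it is only ever compared as data."""
    sql = "SELECT title FROM articles WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]


if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input that closes the string literal
    # Concatenation: the WHERE clause is rewritten and every row comes back.
    print(titles_concatenated(db, hostile))
    # Bound parameter: no owner has that literal name, so nothing matches.
    print(titles_parameterized(db, hostile))
    # A legitimate name containing an apostrophe still works when bound.
    print(titles_parameterized(db, "o'brien"))
```

The concatenated version also fails on the legitimate owner `o'brien` with a syntax error, which is often the first visible sign that a query is built this way.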
