sql被注入后清理脚本
2010-10-23 10:39 starlet
1. 打开 MSSQL 企业管理器, 将 Windows 身份验证登录 BUILTIN\Administrators 的安全性访问设为「拒绝访问」。注意: 这一步只是收紧数据库登录权限, 并不能堵住 Web 应用中让脚本被写进来的 SQL 注入漏洞本身; 应先修复应用层(对用户输入一律使用参数化查询), 否则清理完数据很快还会被再次注入。
2. 打开查询分析器, 将非法字符串 replace 掉。本人写了个小代码段, 遍历数据库所有的字符串字段(char/varchar/nchar/nvarchar), 将定义的字符串去掉, 可以为大家效劳一下。注意: 脚本只扫描这四种类型, text/ntext 字段不会被处理, 需另行检查; 执行前请先做完整备份; 另外被注入的字符串如果含有单引号, 直接拼接进动态 SQL 会出错甚至再次构成注入, 应改为通过 sp_executesql 的参数传入(下面的脚本已按此修改)。
2.打开查询分析器,将非法字符串replace掉,本人做了个小代码段,遍历数据库所有的[字符串字段],将定义的字符串去掉,可以为大家效劳一下.
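/***** The injected string to strip. NOTE: there may be more than one (the original
   author found two on their server); run the script once per distinct payload. *****/
-- SECURITY NOTE: this only removes payload that is already stored. It does not close the
-- SQL injection hole in the web application that wrote it; fix that (parameterized queries)
-- first, or the tables will be re-infected. Take a full backup before running this.
declare @delStr nvarchar(500)
set @delStr=' <script src=http://cn.daxia123.cn/cn.js> </script>'
--set @delStr=' <script src=http://cn.jxmmtv.com/cn.js> </script>'
/****************************************/

/********** Cleanup body **********/
set nocount on

-- sysname (nvarchar(128)) so long table/column names are not truncated (original used nvarchar(100)).
declare @tableName sysname, @columnName sysname, @tbID int, @iRow int, @iResult int
-- The built statement now carries QUOTENAME'd identifiers and an extra @@rowcount capture;
-- nvarchar(500) could silently truncate it, so use the largest fixed size.
declare @sql nvarchar(4000)

set @iResult=0
-- All user tables (xtype 'U'). Tables are addressed without an owner/schema prefix,
-- exactly as in the original script, so only tables in the caller's default schema
-- are reachable by name -- NOTE(review): confirm this matches the database layout.
declare cur cursor for
select name,id from sysobjects where xtype='U'

open cur
fetch next from cur into @tableName,@tbID

while @@fetch_status=0
begin
    -- xtype in (231,167,239,175) = nvarchar, varchar, nchar, char.
    -- text/ntext columns are NOT covered by this list and must be checked separately.
    declare cur1 cursor for
    select name from syscolumns where xtype in (231,167,239,175) and id=@tbID
    open cur1
    fetch next from cur1 into @columnName
    while @@fetch_status=0
    begin
        -- Identifiers are QUOTENAME'd (escapes a ']' inside a name) and the payload is
        -- passed to sp_executesql as a parameter instead of being spliced into the string:
        -- a payload containing a single quote no longer breaks the statement or re-injects.
        -- CHARINDEX replaces LIKE '%...%' so that '%', '_' and '[' in the payload are
        -- matched literally rather than as wildcards.
        -- The update's @@rowcount is returned through an OUTPUT parameter so the count
        -- does not depend on @@rowcount surviving the EXEC.
        set @iRow = 0
        set @sql = N'update ' + quotename(@tableName)
                 + N' set ' + quotename(@columnName)
                 + N' = replace(' + quotename(@columnName) + N', @pat, N'''')'
                 + N' where charindex(@pat, ' + quotename(@columnName) + N') > 0;'
                 + N' set @rc = @@rowcount'
        exec sp_executesql @sql,
             N'@pat nvarchar(500), @rc int output',
             @pat = @delStr, @rc = @iRow output
        set @iRow = isnull(@iRow, 0)
        set @iResult=@iResult+@iRow
        if @iRow>0
        begin
            print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
        end
        fetch next from cur1 into @columnName
    end
    close cur1
    deallocate cur1

    fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'

close cur
deallocate cur
set nocount off
/***** End of cleanup body *****/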
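/***** The injected string to strip. NOTE: there may be more than one (the original
   author found two on their server); run the script once per distinct payload. *****/
-- SECURITY NOTE: this only removes payload that is already stored. It does not close the
-- SQL injection hole in the web application that wrote it; fix that (parameterized queries)
-- first, or the tables will be re-infected. Take a full backup before running this.
declare @delStr nvarchar(500)
set @delStr=' <script src=http://cn.daxia123.cn/cn.js> </script>'
--set @delStr=' <script src=http://cn.jxmmtv.com/cn.js> </script>'
/****************************************/

/********** Cleanup body **********/
set nocount on

-- sysname (nvarchar(128)) so long table/column names are not truncated (original used nvarchar(100)).
declare @tableName sysname, @columnName sysname, @tbID int, @iRow int, @iResult int
-- The built statement now carries QUOTENAME'd identifiers and an extra @@rowcount capture;
-- nvarchar(500) could silently truncate it, so use the largest fixed size.
declare @sql nvarchar(4000)

set @iResult=0
-- All user tables (xtype 'U'). Tables are addressed without an owner/schema prefix,
-- exactly as in the original script, so only tables in the caller's default schema
-- are reachable by name -- NOTE(review): confirm this matches the database layout.
declare cur cursor for
select name,id from sysobjects where xtype='U'

open cur
fetch next from cur into @tableName,@tbID

while @@fetch_status=0
begin
    -- xtype in (231,167,239,175) = nvarchar, varchar, nchar, char.
    -- text/ntext columns are NOT covered by this list and must be checked separately.
    declare cur1 cursor for
    select name from syscolumns where xtype in (231,167,239,175) and id=@tbID
    open cur1
    fetch next from cur1 into @columnName
    while @@fetch_status=0
    begin
        -- Identifiers are QUOTENAME'd (escapes a ']' inside a name) and the payload is
        -- passed to sp_executesql as a parameter instead of being spliced into the string:
        -- a payload containing a single quote no longer breaks the statement or re-injects.
        -- CHARINDEX replaces LIKE '%...%' so that '%', '_' and '[' in the payload are
        -- matched literally rather than as wildcards.
        -- The update's @@rowcount is returned through an OUTPUT parameter so the count
        -- does not depend on @@rowcount surviving the EXEC.
        set @iRow = 0
        set @sql = N'update ' + quotename(@tableName)
                 + N' set ' + quotename(@columnName)
                 + N' = replace(' + quotename(@columnName) + N', @pat, N'''')'
                 + N' where charindex(@pat, ' + quotename(@columnName) + N') > 0;'
                 + N' set @rc = @@rowcount'
        exec sp_executesql @sql,
             N'@pat nvarchar(500), @rc int output',
             @pat = @delStr, @rc = @iRow output
        set @iRow = isnull(@iRow, 0)
        set @iResult=@iResult+@iRow
        if @iRow>0
        begin
            print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
        end
        fetch next from cur1 into @columnName
    end
    close cur1
    deallocate cur1

    fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'

close cur
deallocate cur
set nocount off
/***** End of cleanup body *****/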