很多网站经常被当“肉站”来研究并注入,之后数据库所有表的所有char,varchar,nchar,nvarchar类型的字段值都被加上了一段JS
此时除了查找程序漏洞外 ,迫切要做的是恢复数据库,这里有一段SQL,你只要进入查询分析器 指定被注入的数据库,然后运行即可。
注意:第二行的js换成你数据库中被植入的JS,其他不用改。
declare @delStr nvarchar(500)
set @delStr='<script src=http://3b3.org/c.js></script>'
set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(500)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
--xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型
select name from syscolumns where xtype in (231,167,239,175) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
begin try
set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(['+@columnName+'],'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''
exec sp_executesql @sql
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
if @iRow>0
begin
print '表:[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
end
end try
begin catch
end catch
fetch next from cur1 into @columnName
end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
close cur
deallocate cur
set nocount off
点击下载(763 字节)
[责任编辑:jumbot]
