数据库被批量注入解决办法(SQL语句)
2009-02-17 16:18
495 查看
针对最近老是出现的SQL注入,借鉴网上一些SQL语句,写了如下语句。希望对中招的朋友有所帮助。
使用方法:复制以下代码到SQL查询分析器,将‘<script src=http://cn.jxmmtv.com/cn.js></script>’修改成被注入的脚本。
declare @delStr nvarchar(500)
set @delStr='<script src=http://cn.jxmmtv.com/cn.js></script>'
set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(4000)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
--xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型35为text,99为ntext
select name from syscolumns where xtype in (35,99) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
set @sql = 'update ['+ @tableName +'] set [' + @columnName+ '] = replace(cast([' + @columnName + '] as varchar(8000)) ,''' + @delStr + ''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''
--execute sp_executesql @sql --第一次运行,先注释掉本句,查看数据库被破坏情况,根据情况选择是否启用该语句
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
print @sql
fetch next from cur1 into @columnName
set @sql='declare @rowValue varchar(4000);
declare @indexofstr int;
--declare @badrowcount int;
--declare @normalrowcount int;
set @badrowcount = 0
set @normalrowcount = 0
declare cur2 cursor for select ['+ @columnName +'] from [' + @tableName + '];
open cur2;fetch next from cur2 into @rowValue;
while @@fetch_status=0
begin
select @indexofstr = charindex('''+@delStr+''',@rowValue);
if(@indexofstr>0)
set @badrowcount = @badrowcount + 1;
else
set @normalrowcount = @normalrowcount + 1;
fetch next from cur2 into @rowValue;
end;
close cur2;
deallocate cur2;
select @maxlength = max(DATALENGTH( ['+ @columnName +'] )) from [' + @tableName + '] '
declare @badrowcount int,@normalrowcount int,@maxlength int
execute sp_executesql @sql,N'@badrowcount int output,@normalrowcount int output,@maxlength int output',@badrowcount output, @normalrowcount output,@maxlength output
print '表名:[' + @tableName + '] 列名:[' + @columnName +']'
print '包含字符串行数:' + cast (@badrowcount as varchar(20))
print '不包含字符串行数:' + cast (@normalrowcount as varchar(20))
print '本列最长字符串长度:' + cast (@maxlength as varchar(20))
print ''
end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
close cur
deallocate cur
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新'
使用方法:复制以下代码到SQL查询分析器,将‘<script src=http://cn.jxmmtv.com/cn.js></script>’修改成被注入的脚本。
declare @delStr nvarchar(500)
set @delStr='<script src=http://cn.jxmmtv.com/cn.js></script>'
set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(4000)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
--xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型35为text,99为ntext
select name from syscolumns where xtype in (35,99) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
set @sql = 'update ['+ @tableName +'] set [' + @columnName+ '] = replace(cast([' + @columnName + '] as varchar(8000)) ,''' + @delStr + ''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''
--execute sp_executesql @sql --第一次运行,先注释掉本句,查看数据库被破坏情况,根据情况选择是否启用该语句
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
print @sql
fetch next from cur1 into @columnName
set @sql='declare @rowValue varchar(4000);
declare @indexofstr int;
--declare @badrowcount int;
--declare @normalrowcount int;
set @badrowcount = 0
set @normalrowcount = 0
declare cur2 cursor for select ['+ @columnName +'] from [' + @tableName + '];
open cur2;fetch next from cur2 into @rowValue;
while @@fetch_status=0
begin
select @indexofstr = charindex('''+@delStr+''',@rowValue);
if(@indexofstr>0)
set @badrowcount = @badrowcount + 1;
else
set @normalrowcount = @normalrowcount + 1;
fetch next from cur2 into @rowValue;
end;
close cur2;
deallocate cur2;
select @maxlength = max(DATALENGTH( ['+ @columnName +'] )) from [' + @tableName + '] '
declare @badrowcount int,@normalrowcount int,@maxlength int
execute sp_executesql @sql,N'@badrowcount int output,@normalrowcount int output,@maxlength int output',@badrowcount output, @normalrowcount output,@maxlength output
print '表名:[' + @tableName + '] 列名:[' + @columnName +']'
print '包含字符串行数:' + cast (@badrowcount as varchar(20))
print '不包含字符串行数:' + cast (@normalrowcount as varchar(20))
print '本列最长字符串长度:' + cast (@maxlength as varchar(20))
print ''
end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
close cur
deallocate cur
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新'
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 数据库被注入daxia123或cn.jxmmtv.com原因及解决办法.SQL语句执行即可
- 关于数据库查询语句SqlDataReader的连接释放问题的解决办法
- jsp界面写入数据库时中文乱码(sql语句执行中文乱码)解决办法
- android之Android中的SQL查询语句LIKE绑定参数问题解决办法(sqlite数据库)
- html显示数据库中的字段内容为sql语句时,出现隐藏了换行等字符的问题解决
- 巧用LinqToSql做数据库快速单表备份,增量更新,批量更新等的Sql语句.
- MS SQL Server 2000 数据库使用备份还原造成的孤立用户和对象名‘xxx’无效的错误的解决办法
- Excel拼装Sql语句将数据批量导入数据库
- Hibernate中多表联合查询遇到的问题(原生态的SQL语句解决办法)
- 【分享】通过Excel生成批量SQL语句,处理大量数据的好办法
- 在用dw.GetSqlSelect()获得到的Sql语句出现PBSELECT( VERSION的解决办法
- 解决并清除SQL被注入<script>恶意病毒代码的语句
- SQL 数据库 批量删除 注入的脚本
- 关于sql存储过程在IDE或数据库中执行报错的解决办法
- ORA-01843: 无效的月份,执行sql语句更改为美国语言后仍然失败的解决办法
- 解决并清除SQL被注入<script>恶意病毒代码的语句
- PowerDesigner15连接数据库报错解决办法Non SQL Error : Could not load class oracle.jdbc.OracleDriver
- T-SQL 语句插入中文数据时数据库显示全是问号“???”的解决方法(数据库编码规则)
- MyBatis MapperProvider MessageFormat拼接批量SQL语句执行报错的原因分析及解决办法
- 如何检测mysql 数据库执行了哪些sql语句 ecshop如何添加商品属性 ecshop 商品属性批量采集入库