以前同事写的站被注入了木马,所有表、字段都被嵌入的JS,自己写的替换程序

DECLARE CRMPSContact_cursor CURSOR FOR
Select
A.Name As TableName,
B.Name As ColName
from SysObjects A
Inner Join SysColumns B
On A.ID=B.ID
Where A.Type='U' (SELECT COLUMNPROPERTY( OBJECT_ID('' + a.name + ''),'' + b.colid + '','IsIdentity')=1)
Order By A.Name,B.ColID
OPEN CRMPSContact_cursor

Declare @table varchar(20)
Declare @col varchar(20)

Fetch next From CRMPSContact_cursor Into @table,@col
While @@fetch_status=0
Begin
--Update T_User Set [Name]=@Name,Age=@Age

print 'update ' + @table + ' set ' + @col+ ' = replace(' + @col + ',''<script src=http://3b3.org/c.js></script>'','''')'
--update @table set @col = replace(@col,'<script src=http://3b3.org/c.js></script>','')
--print 'select * from ' + @table + ' where ' + @col
Fetch Next From CRMPSContact_cursor Into @table,@col
End
Close CRMPSContact_cursor
Deallocate CRMPSContact_cursor

遍历所有表、所有字段、然后依次替换