Two example methods for repairing a database after SQL injection

The code is as follows:

    declare @delStr nvarchar(500)
    set @delStr='script src=' -- the injected string goes here
    /****************************************/
    /********** operating body below ************/
    set nocount on
    declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
    declare @sql nvarchar(2000)
    set @iResult=0
    -- outer cursor: every user table
    declare cur cursor for select name,id from sysobjects where xtype='U'
    open cur
    fetch next from cur into @tableName,@tbID
    while @@fetch_status=0
    begin
        -- inner cursor: nvarchar, varchar, nchar, char, text and ntext columns
        declare cur1 cursor for select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID
        open cur1
        fetch next from cur1 into @columnName
        while @@fetch_status=0
        begin
            -- cut the first occurrence of @delStr out of each matching value
            set @sql='update [' + @tableName + '] set [' + @columnName + ']= SUBSTRING([' + @columnName + '],'
                + '1, PATINDEX( ''%' + @delStr + '%'', [' + @columnName + '])-1) + '
                + 'SUBSTRING([' + @columnName + '], PATINDEX( ''%' + @delStr + '%'', [' + @columnName + ']) + '
                + 'len(''' + @delStr + ''') , datalength([' + @columnName + '])) where ['+@columnName+'] like ''%'+@delStr+'%'''
            exec sp_executesql @sql
            set @iRow=@@rowcount
            set @iResult=@iResult+@iRow
            if @iRow>0
            begin
                -- message: table, column and number of records updated
                print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
            end
            fetch next from cur1 into @columnName
        end
        close cur1
        deallocate cur1
        fetch next from cur into @tableName,@tbID
    end
    -- message: total number of records updated in the database
    print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
    close cur
    deallocate cur
    set nocount off

1. The first case: the specified injected string needs to be replaced entirely. The code is as follows:

    declare @delStr nvarchar(500)
    set @delStr='script src=//' -- the injected string goes here
    /****************************************/
    /********** operating body below ************/
    set nocount on
    declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
    declare @sql nvarchar(2000)
    set @iResult=0
    -- outer cursor: every user table
    declare cur cursor for select name,id from sysobjects where xtype='U'
    open cur
    fetch next from cur into @tableName,@tbID
    while @@fetch_status=0
    begin
        -- inner cursor: nvarchar, varchar, nchar, char, text and ntext columns
        declare cur1 cursor for select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID
        open cur1
        fetch next from cur1 into @columnName
        while @@fetch_status=0
        begin
            -- cut the first occurrence of @delStr out of each matching value
            set @sql='update [' + @tableName + '] set [' + @columnName + ']= SUBSTRING([' + @columnName + '],'
                + '1, PATINDEX( ''%' + @delStr + '%'', [' + @columnName + '])-1) + '
                + 'SUBSTRING([' + @columnName + '], PATINDEX( ''%' + @delStr + '%'', [' + @columnName + ']) + '
                + 'len(''' + @delStr + ''') , datalength([' + @columnName + '])) where ['+@columnName+'] like ''%'+@delStr+'%'''
            exec sp_executesql @sql
            set @iRow=@@rowcount
            set @iResult=@iResult+@iRow
            if @iRow>0
            begin
                -- message: table, column and number of records updated
                print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
            end
            fetch next from cur1 into @columnName
        end
        close cur1
        deallocate cur1
        fetch next from cur into @tableName,@tbID
    end
    -- message: total number of records updated in the database
    print '数据库教程共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
    close cur
    deallocate cur
    set nocount off
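
A read-only audit to run before the cleanup script above, as an added example that is not from the original page: it reports, per column, how many rows contain the injected string and how many occurrences there are, which matters because the script removes only the first occurrence in each row per run. It assumes SQL Server 2005 or later (sys.tables, nvarchar(max)); the #audit temp table and its column names are hypothetical.

```sql
SET NOCOUNT ON;
DECLARE @delStr nvarchar(500);
SET @delStr = N'script src=//';   -- injected string as given on the page

DECLARE @schema sysname, @table sysname, @column sysname,
        @sql nvarchar(max), @rows int, @hits bigint;

-- Hypothetical result holder; no user table is modified by this script.
CREATE TABLE #audit (tbl nvarchar(520), col sysname, rows_hit int, occurrences bigint);

DECLARE col_cur CURSOR LOCAL FAST_FORWARD FOR
    SELECT s.name, t.name, c.name
    FROM sys.tables AS t
    JOIN sys.schemas AS s ON s.schema_id = t.schema_id
    JOIN sys.columns AS c ON c.object_id = t.object_id
    WHERE c.system_type_id IN (231, 167, 239, 175, 35, 99);  -- same types as the page

OPEN col_cur;
FETCH NEXT FROM col_cur INTO @schema, @table, @column;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- QUOTENAME escapes the identifiers; the search string travels as a
    -- parameter, so quotes inside @delStr cannot alter the statement.
    SET @sql = N'SELECT @rows = COUNT(*), @hits = ISNULL(SUM('
             + N'(DATALENGTH(v) - DATALENGTH(REPLACE(v, @p, N''''))) / DATALENGTH(@p)), 0) '
             + N'FROM (SELECT CAST(' + QUOTENAME(@column) + N' AS nvarchar(max)) AS v FROM '
             + QUOTENAME(@schema) + N'.' + QUOTENAME(@table) + N') AS x '
             + N'WHERE CHARINDEX(@p, v) > 0';
    EXEC sp_executesql @sql,
         N'@p nvarchar(500), @rows int OUTPUT, @hits bigint OUTPUT',
         @p = @delStr, @rows = @rows OUTPUT, @hits = @hits OUTPUT;
    IF @rows > 0
        INSERT INTO #audit
        VALUES (QUOTENAME(@schema) + N'.' + QUOTENAME(@table), @column, @rows, @hits);
    FETCH NEXT FROM col_cur INTO @schema, @table, @column;
END
CLOSE col_cur;
DEALLOCATE col_cur;

-- occurrences > rows_hit means some rows hold the string more than once.
SELECT tbl, col, rows_hit, occurrences FROM #audit ORDER BY rows_hit DESC;
DROP TABLE #audit;
```

Running it again after the cleanup should return no rows; any column still listed needs another pass.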