批量删除MSSQL被挂JS木马语句

declare @delStr varchar(8000)
set @delStr='</title><style>.a84c{position:absolute;clip:rect(476px,auto,auto,476px);}</style><div class=a84c'


set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(500)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
       --xtype in (231,167,239,175,99,35) 为char,varchar,nchar,nvarchar,ntext,text类型
       select name from syscolumns where xtype in (231,167,239,175,99,35) and id=@tbID 
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
     set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(cast(['+@columnName+'] as varchar(8000)),'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%''' 
     --update tablename set fieldA=replace(cast(fieldA as varchar(8000)) ,'aa','bb')这样的语句。
     exec sp_executesql @sql     
     set @iRow=@@rowcount
     set @iResult=@iResult+@iRow
     if @iRow>0
     begin
print '表:'+@tableName+' ,列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
     end     
     fetch next from cur1 into @columnName

end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
close cur
deallocate cur
set nocount off 

上面就是批量删除数据库中所有字符串后面被挂JS木马的批量删除语句,记录下。

posted on 2013-02-20 09:55  ~紫鱼~  阅读(278)  评论(0编辑  收藏  举报