【ZT】网站字符型字段被注入的解决办法
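-- Cleanup for character columns that had a <script> tag injected into them
-- through a SQL injection hole in the site. In every user-table column of type
-- @fieldtype, everything from the first occurrence of @SearchString to the end
-- of the value is deleted.
--
-- This repairs the data only. The injectable query in the web application must
-- also be fixed (parameterized queries, a least-privilege database login), or
-- the columns will simply be rewritten again.
-- The update is destructive: any legitimate text after the match is lost too,
-- so take a backup and review the generated statements before running it.
DECLARE @fieldtype sysname
DECLARE @SearchString varchar(500)
DECLARE @sql nvarchar(4000)
SET @fieldtype='nvarchar' -- column type to scan; rerun for other character types as needed
SET @SearchString = '<script_src=http://ucmal.com/0.js> </script>' -- data to delete; must match the injected text exactly

-- Build one UPDATE per matching column. Table and column names go through
-- QUOTENAME; the search string is NOT concatenated into the statement but bound
-- as parameter @s, so a quote inside it cannot break or alter the generated SQL.
-- LEFT(col, pos - 1) keeps only the text before the match; the WHERE clause
-- guarantees pos > 0.
-- NOTE(review): statements are not schema-qualified, so tables outside the
-- caller's default schema will presumably fail to resolve -- confirm.
DECLARE col_cursor CURSOR LOCAL FAST_FORWARD
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+QUOTENAME(c.name)+N' = left('+QUOTENAME(c.name)+N',charindex(@s,'+QUOTENAME(c.name)+N') - 1)'
+N' where charindex(@s,'+QUOTENAME(c.name)+N') > 0'
FROM sysobjects o
INNER JOIN syscolumns c ON c.id=o.id
INNER JOIN systypes t ON t.xusertype=c.xusertype
WHERE OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND t.name=@fieldtype

-- Run each statement with the documented sp_executesql instead of the
-- undocumented sp_MSforeach_Worker helper.
OPEN col_cursor
FETCH NEXT FROM col_cursor INTO @sql
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_executesql @sql, N'@s nvarchar(500)', @s=@SearchString
    FETCH NEXT FROM col_cursor INTO @sql
END
CLOSE col_cursor
DEALLOCATE col_cursor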
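-- Cleanup for character columns that had a <script> tag injected into them
-- through a SQL injection hole in the site. In every user-table column of type
-- @fieldtype, everything from the first occurrence of @SearchString to the end
-- of the value is deleted.
--
-- This repairs the data only. The injectable query in the web application must
-- also be fixed (parameterized queries, a least-privilege database login), or
-- the columns will simply be rewritten again.
-- The update is destructive: any legitimate text after the match is lost too,
-- so take a backup and review the generated statements before running it.
DECLARE @fieldtype sysname
DECLARE @SearchString varchar(500)
DECLARE @sql nvarchar(4000)
SET @fieldtype='nvarchar' -- column type to scan; rerun for other character types as needed
SET @SearchString = '<script_src=http://ucmal.com/0.js> </script>' -- data to delete; must match the injected text exactly

-- Build one UPDATE per matching column. Table and column names go through
-- QUOTENAME; the search string is NOT concatenated into the statement but bound
-- as parameter @s, so a quote inside it cannot break or alter the generated SQL.
-- LEFT(col, pos - 1) keeps only the text before the match; the WHERE clause
-- guarantees pos > 0.
-- NOTE(review): statements are not schema-qualified, so tables outside the
-- caller's default schema will presumably fail to resolve -- confirm.
DECLARE col_cursor CURSOR LOCAL FAST_FORWARD
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+QUOTENAME(c.name)+N' = left('+QUOTENAME(c.name)+N',charindex(@s,'+QUOTENAME(c.name)+N') - 1)'
+N' where charindex(@s,'+QUOTENAME(c.name)+N') > 0'
FROM sysobjects o
INNER JOIN syscolumns c ON c.id=o.id
INNER JOIN systypes t ON t.xusertype=c.xusertype
WHERE OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND t.name=@fieldtype

-- Run each statement with the documented sp_executesql instead of the
-- undocumented sp_MSforeach_Worker helper.
OPEN col_cursor
FETCH NEXT FROM col_cursor INTO @sql
WHILE @@FETCH_STATUS = 0
BEGIN
    EXEC sp_executesql @sql, N'@s nvarchar(500)', @s=@SearchString
    FETCH NEXT FROM col_cursor INTO @sql
END
CLOSE col_cursor
DEALLOCATE col_cursor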