sql注入数据库修复方法
2024-08-29 10:18:44
1.第一种情况是 需要将指定的 注入字符串全部替换掉(仅替换注入的字符串为空)
declare @delStr nvarchar(500)
set @delStr='<script src=http://www.111cn.net/js/common.js></script>' --这里被注入的字段串
/****************************************/
/**********以下为操作实体************/
set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(2000)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
set @sql='update [' + @tableName + '] set ['+ @columnName +']= SUBSTRING([' + @columnName + '],' + '1, PATINDEX( ''%' + @delStr + '%'', [' + @columnName + '])-1) + ' + 'SUBSTRING([' + @columnName + '], PATINDEX( ''%' + @delStr + '%'', [' + @columnName + ']) + ' + 'len(''' + @delStr + ''') , datalength([' + @columnName + '])) where ['+@columnName+'] like ''%'+@delStr+'%'''
exec sp_executesql @sql
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
if @iRow>0
begin
print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
end
fetch next from cur1 into @columnName end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
print '数据库教程共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
close cur
deallocate cur
set nocount off
2.第二种是 需要将注入到表中起始位置到最后都删掉。(此种方法直接找到注入的起始位置,后面的全部删掉)
--恢复被注入数据库
--2013-09-26
declare @delStr nvarchar(500)
set @delStr='</title><style>.' --被注入的字段串的开始采样,从此位置后面的数据都为注入数据 /**********以下为操作实体************/
set nocount on
declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(2000)
set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
declare cur1 cursor for
select name from syscolumns where xtype in (231,167,239,175, 35, 99) and id=@tbID
open cur1
fetch next from cur1 into @columnName
while @@fetch_status=0
begin
set @sql='update [' + @tableName + '] set ['+ @columnName +']=
SUBSTRING([' + @columnName + '],1, PATINDEX( ''%' + @delStr + '%'', [' + @columnName + '])-1) where ['+@columnName+'] like ''%'+@delStr+'%'''
exec sp_executesql @sql
set @iRow=@@rowcount
set @iResult=@iResult+@iRow
if @iRow>0
begin
print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
end
fetch next from cur1 into @columnName end
close cur1
deallocate cur1
fetch next from cur into @tableName,@tbID
end
print '数据库教程共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
close cur
deallocate cur
set nocount off
最新文章
- 七牛整合PHP上传文件
- 替换 PDF 文字
- 8. Android框架和工具之 NineOldAndroids(动画框架)
- 打通ssh的方法
- C#中实现抽象类里建立静态方法
- 修改sphinx最大输出记录数
- Spark集群模式概述
- UVALive 6467 Strahler Order 拓扑排序
- java中的 private Logger log=Logger.getLogger(this.getClass());
- unix网络编程环境搭建
- 笔记︱风控分类模型种类(决策、排序)比较与模型评估体系(ROC/gini/KS/lift)
- Nginx CONTENT阶段 autoindex、index模块
- .net基础学java系列(五)慢性自杀 之 沉沦在IDE中
- vue2.0实现过滤
- python接口自动化测试十七:使用bs4框架进行简单的爬虫
- 下拉菜单被表单、图片、FLASH挡住的解决办法
- js 实现滚动字幕
- jquery chosen api
- windows下 删除指定文件夹里面一周前的所有文件和文件夹的bat
- 【OpenCV】特征检测器 FeatureDetector