  • 修复被注入的sql server

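    -- Purpose: strip one known injected <script> tag out of every char/varchar/
    -- nchar/nvarchar column of every user table in the current database
    -- (data cleanup after a mass SQL injection).
    --
    -- Caveats for whoever runs this:
    --   * It removes exactly the string in @delStr; other variants of the injected
    --     tag are not matched and stay in the data.
    --   * text / ntext / xml columns are not scanned (only the four types below).
    --   * Each UPDATE commits on its own; take a backup or rehearse on a restored
    --     copy first.
    --   * Cleaning the data does not close the hole: the injectable query in the
    --     application still has to be found and parameterized, otherwise the rows
    --     can simply be rewritten again.
    declare @delStr nvarchar(500)
    set @delStr = N'<script src=http://3b3.org/c.js></script>' -- change this to the injected script tag found in your data

    set nocount on

    -- sysname (nvarchar(128)) instead of nvarchar(100) so long identifiers are not truncated.
    declare @schemaName sysname, @tableName sysname, @columnName sysname
    declare @tbID int, @typeID int, @iRow int, @iResult int, @iFailed int
    declare @col nvarchar(258), @lit nvarchar(1010)
    -- nvarchar(max): the old nvarchar(500) buffer could silently cut the statement short.
    declare @sql nvarchar(max)

    set @iResult = 0
    set @iFailed = 0

    -- LOCAL cursors are released with the batch even if the script aborts midway;
    -- STATIC keeps the table list stable while the tables are being updated.
    declare cur cursor local static for
        select s.name, t.name, t.object_id
        from sys.tables as t
        inner join sys.schemas as s
            on s.schema_id = t.schema_id

    open cur
    fetch next from cur into @schemaName, @tableName, @tbID

    while @@fetch_status = 0
    begin
        declare cur1 cursor local static for
            -- system_type_id 175 = char, 167 = varchar, 239 = nchar, 231 = nvarchar.
            -- Computed columns cannot be the target of an UPDATE, so they are left out.
            select name, system_type_id
            from sys.columns
            where system_type_id in (231, 167, 239, 175)
              and object_id = @tbID
              and is_computed = 0
        open cur1
        fetch next from cur1 into @columnName, @typeID
        while @@fetch_status = 0
        begin
            begin try
                -- QUOTENAME escapes any ']' inside the identifier; hand-written
                -- '[' + name + ']' does not.
                set @col = quotename(@columnName)
                -- The search string is embedded as a literal with its single quotes
                -- doubled, and gets an N prefix only for nchar/nvarchar columns, so
                -- REPLACE works in the column's own type and never round-trips a
                -- varchar column through nvarchar.
                set @lit = case when @typeID in (231, 239) then N'N' else N'' end
                         + N'''' + replace(@delStr, N'''', N'''''') + N''''
                -- CHARINDEX instead of LIKE: '%', '_' and '[' in the search string
                -- are then plain characters, so only rows REPLACE really changes
                -- are touched and counted.
                set @sql = cast(N'update ' as nvarchar(max))
                         + quotename(@schemaName) + N'.' + quotename(@tableName)
                         + N' set ' + @col + N' = replace(' + @col + N', ' + @lit + N', '''')'
                         + N' where charindex(' + @lit + N', ' + @col + N') > 0'
                exec sp_executesql @sql
                set @iRow = @@rowcount
                set @iResult = @iResult + @iRow
                if @iRow > 0
                begin
                    -- N prefix keeps the message readable on databases whose
                    -- default collation is not a Chinese code page.
                    print N'表:[' + @tableName + N'],列:'+@columnName+N'被更新'+convert(varchar(10),@iRow)+N'条记录;'
                end
            end try
            begin catch
                -- Report the failure instead of swallowing it: a column that could
                -- not be cleaned may still hold the injected tag.
                set @iFailed = @iFailed + 1
                print N'FAILED: ' + quotename(@schemaName) + N'.' + quotename(@tableName)
                    + N'.' + quotename(@columnName) + N' - ' + error_message()
            end catch
            fetch next from cur1 into @columnName, @typeID
        end

        close cur1
        deallocate cur1

        fetch next from cur into @schemaName, @tableName, @tbID
    end
    print N'数据库共有'+convert(varchar(10),@iResult)+N'条记录被更新!!!'
    if @iFailed > 0
    begin
        print convert(varchar(10), @iFailed) + N' column(s) could not be processed; see the FAILED lines above.'
    end

    close cur
    deallocate cur
    set nocount off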
  • 原文地址:https://www.cnblogs.com/Yellowshorts/p/3580376.html