  • 修复被注入的sql server

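    -- Purpose: strip one injected <script> snippet from every character column
    -- of every user table in the current database (cleanup after a mass SQL
    -- injection that appended the snippet to stored text).
    --
    -- Before running:
    --   * Take a full backup. The script rewrites data in place and keeps no
    --     copy of the rows it changes.
    --   * This is cleanup only. The snippet will be written back unless the
    --     application flaw that allowed the injection is fixed (parameterized
    --     queries, a least-privilege database login for the web application).
    --   * Only char/varchar/nchar/nvarchar columns are scanned; text/ntext
    --     columns are not covered by the type filter below.
    declare @delStr nvarchar(500)
    set @delStr='<script src=http://3b3.org/c.js></script>'-- change this to the exact injected snippet found in your data

    -- An empty search string would turn the LIKE pattern into '%%' and touch
    -- every non-null row, so refuse to run in that case.
    if @delStr is null or @delStr=N''
    begin
       raiserror('@delStr must not be empty', 16, 1)
       return
    end

    set nocount on

    -- sysname holds the full 128-character identifier length, so long object
    -- names are not truncated.
    declare @schemaName sysname,@tableName sysname,@columnName sysname,@tbID int,@iRow int,@iResult int,@iFailed int
    -- nvarchar(max): three quoted identifiers plus the statement text can
    -- exceed 500 characters.
    declare @sql nvarchar(max)
    declare @likePattern nvarchar(2000)

    -- Escape LIKE metacharacters so the snippet is matched literally.
    -- '[' must be escaped first, otherwise the brackets added for '%' and '_'
    -- would be escaped again.
    set @likePattern=N'%'+replace(replace(replace(@delStr,N'[',N'[[]'),N'%',N'[%]'),N'_',N'[_]')+N'%'

    set @iResult=0
    set @iFailed=0

    -- Outer cursor: every user table together with its schema, so tables
    -- outside the caller's default schema are addressed correctly.
    declare cur cursor local fast_forward for
    select s.name,t.name,t.object_id
    from sys.tables as t
    inner join sys.schemas as s on s.schema_id=t.schema_id

    open cur
    fetch next from cur into @schemaName,@tableName,@tbID

    while @@fetch_status=0
    begin
       -- Inner cursor: character columns of the current table.
       -- system_type_id 231,167,239,175 = nvarchar,varchar,nchar,char.
       -- Computed columns cannot be updated directly and are skipped.
       declare cur1 cursor local fast_forward for
            select c.name
            from sys.columns as c
            where c.object_id=@tbID
              and c.system_type_id in (231,167,239,175)
              and c.is_computed=0
       open cur1
       fetch next from cur1 into @columnName
       while @@fetch_status=0
       begin
          begin try
             -- Identifiers cannot be bound as parameters, so they are quoted
             -- with quotename(); the snippet and the LIKE pattern are passed
             -- as parameters and never concatenated into the statement.
             set @sql=N'update '+quotename(@schemaName)+N'.'+quotename(@tableName)
                     +N' set '+quotename(@columnName)+N'=replace('+quotename(@columnName)+N',@needle,N'''')'
                     +N' where '+quotename(@columnName)+N' like @pattern'
             exec sp_executesql @sql,
                  N'@needle nvarchar(500),@pattern nvarchar(2000)',
                  @needle=@delStr,@pattern=@likePattern
             set @iRow=@@rowcount
             set @iResult=@iResult+@iRow
             if @iRow>0
             begin
                print '表:[' + @schemaName + '].[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
             end
          end try
          begin catch
             -- Keep going (best effort), but report the failure: a silently
             -- skipped column may still contain the injected snippet.
             set @iFailed=@iFailed+1
             print '表:[' + @schemaName + '].[' + @tableName + '],列:'+@columnName+'更新失败:'+error_message()
          end catch
          fetch next from cur1 into @columnName
       end

       close cur1
       deallocate cur1

       fetch next from cur into @schemaName,@tableName,@tbID
    end
    print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
    if @iFailed>0
    begin
       print '有'+convert(varchar(10),@iFailed)+'个列更新失败,请检查上面的错误信息'
    end

    close cur
    deallocate cur
    set nocount off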
  • 原文地址:https://www.cnblogs.com/Yellowshorts/p/3580376.html