zoukankan      html  css  js  c++  java

  • 修复被注入的sql server

    declare @delStr nvarchar(500)
set @delStr='<script src=http://3b3.org/c.js></script>'----这边修改被注入的js

set nocount on

declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int
declare @sql nvarchar(500)

set @iResult=0
declare cur cursor for
select name,id from sysobjects where xtype='U'

open cur
fetch next from cur into @tableName,@tbID

while @@fetch_status=0
begin
   declare cur1 cursor for
        --xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型
        select name from syscolumns where xtype in (231,167,239,175) and id=@tbID
   open cur1
   fetch next from cur1 into @columnName
   while @@fetch_status=0
   begin
      begin try
         set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(['+@columnName+'],'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''          
         exec sp_executesql @sql      
         set @iRow=@@rowcount
         set @iResult=@iResult+@iRow
         if @iRow>0 
         begin
            print '表:[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
         end      
      end try 
      begin catch
      end catch
      fetch next from cur1 into @columnName
   end

   close cur1
   deallocate cur1
   
   fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'

close cur
deallocate cur
set nocount off
  • 相关阅读:
    Powershell增加ADB命令
    电脑通过ADB截图脚本
    常用Website List
    护眼豆绿色背景RGB
    xshell方便设置
    解决 Xshell6|Xftp6 强制升级
    beyond compare 4.2.9桌面右键集成的问题修复
    Ubuntu中Samba的安装配置和使用
    excel设置保护工作区域
    【转载】学习 Qt 编程的好书推荐
  • 原文地址:https://www.cnblogs.com/Yellowshorts/p/3580376.html
Copyright © 2011-2022 走看看