I believe many people have encountered this problem. Here, I will explain how to handle it.
Step 1: Back up existing databases.
Step 2:
Execute the following ASP file to remove the JS trojan in the database:
Note: conn.asp has already been written.
<!-- #include file="conn.asp" -->
<%
' Put the JS trojan content in the Replace call below: remember to change it to the JS trojan content found in your own database.
Server.ScriptTimeout = 180
Set rstSchema = conn.OpenSchema(20) ' 20 = adSchemaTables
k = 1
Do Until rstSchema.EOF ' traverse the database tables
    If rstSchema("TABLE_TYPE") = "TABLE" Then
        Response.Write k & ". <font color=red><b>" & rstSchema("TABLE_NAME") & "</b></font>: " ' display the table name
        Set rs = Server.CreateObject("ADODB.Recordset")
        sql = "select * from [" & rstSchema("TABLE_NAME") & "]"
        rs.Open sql, conn, 1, 3
        For i = 0 To rs.Fields.Count - 1 ' traverse the fields in the table
            ' only process character-type fields (ADO types 129, 130, 200, 201, 202, 203)
            If Int(rs(i).Type) = 129 Or Int(rs(i).Type) = 130 Or Int(rs(i).Type) = 200 Or Int(rs(i).Type) = 201 Or Int(rs(i).Type) = 202 Or Int(rs(i).Type) = 203 Then
                ' cast(... as varchar(8000)) cuts values longer than 8000 characters, which is one reason for the backup in Step 1
                conn.Execute("update [" & rstSchema("TABLE_NAME") & "] set [" & rs(i).Name & "] = replace(cast([" & rs(i).Name & "] as varchar(8000)), 'Put the JS Trojan content here', '')")
                Response.Write rs(i).Name & " " & rs(i).Type & " " ' show the name of the field that has been processed
            End If
        Next
        rs.Close
        Response.Write "<br>"
    End If
    rstSchema.MoveNext
    k = k + 1
Loop
Response.Write "execution successful"
%>
If the database has many tables, IIS stops the script before the traversal of the database structure finishes. In that case, change the line
    If rstSchema("TABLE_TYPE") = "TABLE" Then
by adding a range of k values, for example:
    If rstSchema("TABLE_TYPE") = "TABLE" And k > 10 And k < 20 Then
In this way, only nine tables are processed at a time.
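A read-only dry run to execute before the Step 2 update, added here as an example and not part of the original article's code. It assumes SQL Server (as the original's cast to varchar(8000) does) and the conn object from conn.asp; the marker value is a placeholder. For each character column it reports how many rows contain the injected string and how many hold more than 8000 characters, which the cast in the update would truncate.

```asp
<!-- #include file="conn.asp" -->
<%
' Added example: dry run for the Step 2 cleanup. It only runs SELECT statements.
' marker is a constructed placeholder: set it to the injected string found in your database.
Const marker = "PUT-THE-INJECTED-STRING-HERE"
Server.ScriptTimeout = 180
quoted = Replace(marker, "'", "''") ' escape quotes for the SQL string literal
Set rstSchema = conn.OpenSchema(20) ' 20 = adSchemaTables
Do Until rstSchema.EOF
    If rstSchema("TABLE_TYPE") = "TABLE" Then
        tbl = "[" & Replace(rstSchema("TABLE_NAME"), "]", "]]") & "]"
        Set rs = Server.CreateObject("ADODB.Recordset")
        rs.Open "select * from " & tbl & " where 1 = 0", conn, 0, 1 ' column metadata only
        For i = 0 To rs.Fields.Count - 1
            Select Case rs(i).Type
                Case 129, 200, 201: limit = 8000   ' single-byte types: 8000 bytes = 8000 characters
                Case 130, 202, 203: limit = 16000  ' Unicode types: 16000 bytes = 8000 characters
                Case Else: limit = 0               ' not a character column, skip it
            End Select
            If limit > 0 Then
                col = "[" & Replace(rs(i).Name, "]", "]]") & "]"
                sql = "select isnull(sum(case when charindex('" & quoted & "', cast(" & col & _
                      " as varchar(8000))) > 0 then 1 else 0 end), 0), " & _
                      "isnull(sum(case when datalength(" & col & ") > " & limit & _
                      " then 1 else 0 end), 0) from " & tbl
                Set rc = conn.Execute(sql)
                If rc(0) > 0 Or rc(1) > 0 Then
                    Response.Write Server.HTMLEncode(tbl & "." & col) & ": " & rc(0) & _
                        " row(s) contain the marker, " & rc(1) & _
                        " row(s) longer than 8000 characters (the cast would truncate them)<br>"
                End If
                rc.Close
            End If
        Next
        rs.Close
    End If
    rstSchema.MoveNext
Loop
Response.Write "dry run finished"
%>
```

Columns listed with a non-zero second count should be cleaned by other means or restored from the Step 1 backup after the update, since the update writes the truncated value back.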
Step 3:
Based on the characteristics of database JS injection (the payload contains <script, </script> and http://),
put the following code in conn.asp:
Function cheack_sqljs() ' Prevents JS injection of external links into the database: True means such an injection was found
    Dim f_post, f_get
    cheack_sqljs = False
    If Request.Form <> "" Then ' check form fields on submission
        For Each f_post In Request.Form
            ' the value is lowercased first, so the patterns must be lowercase too
            If (InStr(LCase(Request.Form(f_post)), "<script") <> 0 Or InStr(LCase(Request.Form(f_post)), "</script>") <> 0) And InStr(LCase(Request.Form(f_post)), "http://") <> 0 Then
                cheack_sqljs = True
                Exit For
            End If
        Next
    End If
    If Request.QueryString <> "" Then ' check query string parameters on submission
        For Each f_get In Request.QueryString
            If (InStr(LCase(Request.QueryString(f_get)), "<script") <> 0 Or InStr(LCase(Request.QueryString(f_get)), "</script>") <> 0) And InStr(LCase(Request.QueryString(f_get)), "http://") <> 0 Then
                cheack_sqljs = True
                Exit For
            End If
        Next
    End If
End Function
Function checkdatafrom() ' Checks the source of the submitted data: True means the data was submitted from outside the site
    Dim server_v1, server_v2
    checkdatafrom = False
    server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
    server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
    ' position 8 is the first character after "http://" in the Referer
    If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
        checkdatafrom = True
    End If
End Function
' The Referer header is supplied by the client. With this condition, a request whose Referer is
' missing or names another host is rejected as well, which includes direct visits to a page.
If cheack_sqljs Or checkdatafrom Then
    Response.Write "<script language=JavaScript>alert('execution prohibited, illegal operation.');</script>"
    Response.End()
End If