I believe many people have run into a database that has had a JS Trojan (malicious script tags) injected into its records. Here, I'll talk about the way I deal with it.
Step One: Make a backup of the existing database.
Step Two:
Execute the following ASP file to remove the JS Trojan from the database.
Note: write conn.asp yourself.
<!--#include file="conn.asp"-->
<%
' The JS Trojan content goes into the REPLACE call below: remember to change it to the JS Trojan content found in your own database.
Server.ScriptTimeout = 180
Set rstSchema = conn.OpenSchema(20) ' 20 = adSchemaTables
k = 1
Do Until rstSchema.EOF ' Traverse the database tables
    If rstSchema("TABLE_TYPE") = "TABLE" Then
        Response.Write k & ". <font color=red><b>" & rstSchema("TABLE_NAME") & "</b></font>: " ' Show the table name
        Set rs = Server.CreateObject("ADODB.Recordset")
        sql = "SELECT * FROM [" & rstSchema("TABLE_NAME") & "]"
        rs.Open sql, conn, 1, 3
        For i = 0 To rs.Fields.Count - 1 ' Traverse the fields in the table
            ' Handle only character-type fields (129 adChar, 130 adWChar, 200 adVarChar, 201 adLongVarChar, 202 adVarWChar, 203 adLongVarWChar)
            If Int(rs(i).Type) = 129 Or Int(rs(i).Type) = 130 Or Int(rs(i).Type) = 200 Or Int(rs(i).Type) = 201 Or Int(rs(i).Type) = 202 Or Int(rs(i).Type) = 203 Then
                ' CAST(... AS varchar(8000)) truncates longer values, so keep the backup from Step One
                conn.Execute("UPDATE [" & rstSchema("TABLE_NAME") & "] SET [" & rs(i).Name & "] = REPLACE(CAST([" & rs(i).Name & "] AS varchar(8000)), 'Put the JS Trojan content here', '')")
                Response.Write rs(i).Name & " " & rs(i).Type & " " ' Show the name of each field that was processed
            End If
        Next
        rs.Close ' Release the recordset before moving to the next table
        Response.Write "<br>"
    End If
    rstSchema.MoveNext
    k = k + 1
Loop
Response.Write "Successful execution"
%>
If the database has many tables, IIS may stop the script before the traversal above finishes. In that case, add a range condition on k to the line
If rstSchema("TABLE_TYPE") = "TABLE" Then
for example:
If rstSchema("TABLE_TYPE") = "TABLE" And k > 10 And k < 20 Then
With this condition, only 9 tables are processed at a time.
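Step Two removes only the one string you paste into it, so it helps to inventory what was actually injected first. The following added example (not the author's code) lists every external script tag found in every character column and then strips each one; it is written in Python against an in-memory SQLite database as a stand-in for the site database, and the table names, sample rows and the bad.example URL are constructed.

```python
import re
import sqlite3
from collections import Counter

# A <script> element whose src is an external http(s) URL, in any letter case.
INJECTED = re.compile(
    r'<script\b[^>]*\bsrc\s*=\s*["\']?https?://[^>]*>\s*</script>', re.IGNORECASE)

def text_columns(conn):
    """Yield (table, column) for every character-typed column of every table."""
    tables = conn.execute("SELECT name FROM sqlite_master WHERE type='table'").fetchall()
    for (table,) in tables:
        cols = conn.execute(f'PRAGMA table_info("{table}")').fetchall()
        for _, col, ctype, *_ in cols:
            if "CHAR" in ctype.upper() or "TEXT" in ctype.upper():
                yield table, col

def find_injections(conn):
    """Read-only inventory: Counter {(table, column, snippet): occurrences}."""
    hits = Counter()
    for table, col in text_columns(conn):
        for (value,) in conn.execute(f'SELECT "{col}" FROM "{table}"').fetchall():
            for m in INJECTED.finditer(str(value or "")):
                hits[(table, col, m.group(0))] += 1
    return hits

def remove_injections(conn, hits):
    """Strip each inventoried snippet; the snippet is bound as a parameter."""
    changed = 0
    for table, col, snippet in hits:  # names come from the schema, not from users
        cur = conn.execute(
            f'UPDATE "{table}" SET "{col}" = REPLACE("{col}", ?, \'\') '
            f'WHERE INSTR("{col}", ?) > 0', (snippet, snippet))
        changed += cur.rowcount
    conn.commit()
    return changed

def demo():
    """Constructed sample data: one clean row, three injected fields."""
    conn = sqlite3.connect(":memory:")
    bad = "<script src=http://bad.example/x.js></script>"  # constructed payload
    conn.executescript(
        "CREATE TABLE news (id INTEGER, title VARCHAR(200), body TEXT);"
        "CREATE TABLE users (id INTEGER, nick NVARCHAR(50));")
    conn.executemany("INSERT INTO news VALUES (?, ?, ?)", [
        (1, "Hello" + bad, "Body text" + bad),
        (2, "Clean title", "See http://example.com for details")])
    conn.execute("INSERT INTO users VALUES (1, ?)", ("bob" + bad.upper(),))
    hits = find_injections(conn)
    return conn, hits, remove_injections(conn, hits)
```

Running find_injections again after the cleanup should return an empty result; anything left over is a variant that still needs handling.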
Step Three:
Based on the characteristics of database JS injection (the injected content contains strings such as <script, </script> and http://),
place the following code in conn.asp:
Function Cheack_sqljs() ' Prevent external-link JS injection into the database: True means an external-link JS injection was found.
    Dim F_post, F_get
    Cheack_sqljs = False
    If Request.Form <> "" Then ' Detection for form submissions
        For Each F_post In Request.Form
            If (InStr(LCase(Request.Form(F_post)), "<script") <> 0 Or InStr(LCase(Request.Form(F_post)), "</script>") <> 0) And InStr(LCase(Request.Form(F_post)), "http://") <> 0 Then
                Cheack_sqljs = True
                Exit For
            End If
        Next
    End If
    If Request.QueryString <> "" Then ' Detection for QueryString submissions
        For Each F_get In Request.QueryString
            ' Read the value from Request.QueryString here, not from Request.Form
            If (InStr(LCase(Request.QueryString(F_get)), "<script") <> 0 Or InStr(LCase(Request.QueryString(F_get)), "</script>") <> 0) And InStr(LCase(Request.QueryString(F_get)), "http://") <> 0 Then
                Cheack_sqljs = True
                Exit For
            End If
        Next
    End If
End Function
Function Checkdatafrom() ' Check the source of the submitted data: True means the data was submitted from outside the site
    Dim server_v1, server_v2
    Checkdatafrom = False
    server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
    server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
    ' Mid(..., 8, ...) skips the 7 characters of "http://"; an empty Referer also counts as off-site
    If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
        Checkdatafrom = True
    End If
End Function
If Cheack_sqljs Or Checkdatafrom Then
    Response.Write "<script language=javascript>alert('Forbidden to execute, illegal operation.');</script>"
    Response.End()
End If