ASP site in the database is linked to Trojan Horse Solutions _ Trojan Related

In this paper, we introduced the ASP database is linked to the Trojan Horse detailed solution of the programming approach, the solution is divided into the following three steps:

First step:

Make a backup of the existing database.

Step Two:

Execute the following ASP file, so you can remove the JS Trojan horse in the database:

Note: Conn.asp wrote it himself.

' Here is the content of JS Trojan Horse: Please remember to change the content of JS Trojan horse in your own database.

<!--#include file= "conn.asp"--> <% server.scripttimeout=180 Set rstschema = conn. OpenSchema (m) k=1 do Until rstschema.eof ' traverse database table If Rstschema ("table_type") = "table" Then Response.Write K&amp ;". <font color=red><b> "&rstschema (" table_name ") &" &LT;/B&GT;&LT;/FONT&GT;: "' Show Table name set rs= Server.CreateObject ("ADODB.") Recordset ") sql=" select * FROM ["& Rstschema (" table_name ") &"] "Rs.Open sql,conn,1,3 for I=0 to rs.fields.co Unt-1 ' traverses the field if int (RS (i) in the table. Type) =129 or int (RS (i). Type) =130 or int (RS (i). Type) =200 or int (RS (i). Type) =201 or int (RS (i). Type) =202 or int (RS (i). Type) =203 Then ' only fields conn.execute with field type character ("Update [" &rstschema ("table_name") & "] set" &rs (i) .name& " =replace (CAST ("&rs (i) .name&" as varchar (8000)), ' place in JS Trojan content ', ' ') Response.Write rs (i). Name & "" &rs ( i). 
 
Type & "" shows the name of the field that was executed. End If Next Response.Write ' <br> ' End If Rstschema.movenext kk=k+1 Loop response.Write "Execute successfully"%>  

If there are many database tables, the above traversal database structure has not been executed by IIS to stop. At this time can be in:

If Rstschema ("table_type") = "TABLE" Then

The range of K value should be added appropriately, such as:

If Rstschema ("table_type") = "TABLE" k>10 and k<20 Then

In this case, you can only operate 9 tables at a time.

Step Three:

According to the characteristics of the database JS injection (including characters such as <script, </script> and http://), put the following code in the conn.asp:

Function Cheack_sqljs () ' Prevent database outside of the chain JS injection: True for the discovery of the chain JS injection. Dim f_post,f_get cheack_sqljs=false if request.form<> "Then" form commit when detection for each f_post in Request.Form if (Instr (LCase (Request.Form (f_post)), "<script") <>0 or Instr (LCase (Request.Form)), "</script>") < >0) and Instr (LCase (Request.Form (f_post)), "http://") <>0 Then Exit for end If Ne XT End If Request.querystring<> "" Then ' querystring commit at the time of detection for each f_get in Request.QueryString if (Instr (LCase (Request.Form (F_get)), "<script") <>0 orinstr (LCase (Request.Form), "</script>") < >0) and Instr (LCase (Request.Form (F_get)), "http://") <>0 Then-cheack_sqljs=true Exit for end If Nex T end If End Function function checkdatafrom () ' Check the submission data source: True for data submitted from outside the station Checkdatafrom=true Server_v1=cstr (R Equest. ServerVariables ("Http_referer")) Server_v2=cstr (Request.ServerVariables ("SERVER_NAME")) if Mid (server_v1,8,len (SERVER_V2)) <>server_v2 then Checkdatafrom=false End If Cheack_sqljs or checkda Tafrom Then Response.Write "<script language=javascript>alert (' Prohibit execution, illegal operation.  ');</script> ' Response.End () end If

About ASP database is linked to the Trojan when the programming method is introduced here, I hope this introduction can bring you some harvest, thank you!