Recently looked for a lot of replacement to be inserted in the Trojan record, found a good statement, very useful, just use more than 10 lines of travel slogan, the entire database of all the table malicious Trojan cleared away, and in Google search to this record chance is very small, this special reprint! In order to find their own later, but also hope that future generations can be helped.
The original text reads as follows:
Copy Code code as follows:
DECLARE @t varchar (555), @c varchar (555), @inScript varchar (8000)
Set @inScript = ' Malicious code '
Declare table_cursor cursor FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype= ' U ' and (b . xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
Open Table_cursor
FETCH NEXT from Table_cursor into @t,@c
while (@ @fetch_status =0)
Begin
EXEC (' Update [' +@t+ '] set [' +@c+ ']=replace (CAST ([' +@c+ '] as varchar (8000)), ' + @inScript + ', ']
FETCH NEXT from Table_cursor into @t,@c
End
Close Table_cursor
Deallocate table_cursor;
Completely eliminate SQL injection
1. Do not use the SA user to connect to the database
2, create a new public rights database user, and use this user to access the database
3. [Role] Remove role public to select access to sysobjects and syscolumns objects
4, [user] User name-> Right-Properties-permissions-sysobjects and syscolumns above "x"
5, through the following code detection (failure to represent the right, if it can be shown that the permissions are too high):
Copy Code code as follows:
DECLARE @T varchar (255),
@c varchar (255)
DECLARE Table_cursor Cursor for
Select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype= ' U ' and (b.xtype=99 or b.xtype=35 or b.xtype=231)
OPEN Table_cursor
FETCH NEXT from Table_cursor into @t,@c
while (@ @FETCH_STATUS =0)
BEGIN Print @c
FETCH NEXT from Table_cursor into @t,@c
End
Close Table_cursor
Deallocate table_cursor
