Recently, a business website launched by the company was attacked by hackers. through SQL injection, the trojan was injected into the database, and the whole MSSQL Server
All the data is appended with malicious scripts. Recently, I found a batch replacement of inserted Trojan records and found a good statement. It is very useful. I only use a dozen rows of cursor statements, all the tables in the database are evil.
The trojan is cleared, and the probability of this record being searched by Google is very small. I will repost it here! In the future, we hope that future generations can get help. The original article is as follows: declare @ t varchar (555), @ C varchar (555), @ inscript varchar (8000) set @ inscript = 'malicious Code' declare table_cursor cursor for select. name, B. name from
Sysobjects A, syscolumns B where a. ID = B. ID and A. xtype = 'U' and
(B. xtype = 99 or B. xtype = 35 or B. xtype = 231 or B. xtype = 167) Open table_cursor fetch next from table_cursor into @ T, @ C while (@ fetch_status = 0) begin exec ('Update ['+ @ T +'] Set ['+ @ C +'] = Replace (cast (['+ @ C +'] As varchar (8000) ), ''' + @ inscript + ''', ''') ') Fetch next from table_cursor into @ T, @ C end close table_cursor deallocate table_cursor; completely eliminate SQL injection 1. do not use the SA user to connect to the database. 2. Create a public permission database user, use this user to access the database. 3. Remove the select access permission of the role public to the sysobjects and syscolumns objects. 4. Right-click the [user] user name and choose "property"> "permission" from the context menu. in syscolumns, enter "X" 5. Use the following code to check whether the permission is correct, if displayed, the permission is too high.): declare @ t varchar (255), @ C varchar (255) Declare table_cursor cursor for select. name, B. name from sysobjects A, syscolumns B where. id = B. ID and. xtype = 'U' and (B. xtype = 99 or B. xtype = 35 or B. xtype = 231 or B. xtype = 167) Open table_cursor fetch next from table_cursor into @ T, @ C while (@ fetch_status = 0) Begin print @ C fetch next from table_cursor into @ t, @ C end close table_cursor deallocate table_cursor
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
