I believe many people have run into a database that has had a trojan planted in it. Here I'll describe how I deal with it.
Step One: make a backup of the existing database.
Step Two: run the following ASP file to remove the JS trojan from the database:
Note: write conn.asp yourself.
Where the code says to put the JS trojan content, remember to change it to the JS trojan content found in your own database.
<!--#include file="conn.asp"-->
<%
Server.ScriptTimeout = 180
Set rstSchema = conn.OpenSchema(20)
k = 1
Do Until rstSchema.EOF ' traverse the database tables
    If rstSchema("TABLE_TYPE") = "TABLE" Then
        Response.Write k & ". <font color=red><b>" & rstSchema("TABLE_NAME") & "</b></font>: " ' display the table name
        Set rs = Server.CreateObject("ADODB.Recordset")
        sql = "SELECT * FROM [" & rstSchema("TABLE_NAME") & "]"
        rs.Open sql, conn, 1, 3
        For i = 0 To rs.Fields.Count - 1 ' traverse the fields in the table
            ' Handle only fields whose type is a character type
            If Int(rs(i).Type) = 129 Or Int(rs(i).Type) = 130 Or Int(rs(i).Type) = 200 Or Int(rs(i).Type) = 201 Or Int(rs(i).Type) = 202 Or Int(rs(i).Type) = 203 Then
                conn.Execute("UPDATE [" & rstSchema("TABLE_NAME") & "] SET " & rs(i).Name & " = REPLACE(CAST(" & rs(i).Name & " AS varchar(8000)), 'put the JS trojan content here', '')")
                Response.Write rs(i).Name & " " & rs(i).Type & " " ' display the name of the field that was processed
            End If
        Next
        rs.Close
        Response.Write "<br>"
    End If
    rstSchema.MoveNext
    k = k + 1
Loop
Response.Write "Successful Execution"
%>
If the database has many tables, IIS may stop the script before the traversal above has finished. In that case, at the line:
If rstSchema("TABLE_TYPE") = "TABLE" Then
add a suitable range for the value of k, for example:
If rstSchema("TABLE_TYPE") = "TABLE" And k > 10 And k < 20 Then
This way, only 9 tables are processed at a time.
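Before running the clean-up script above, a read-only pass can show which columns actually contain the injected string and which rows hold more than 8000 characters; the UPDATE has no WHERE clause, so it writes CAST(... AS varchar(8000)) back to every row and cuts longer values short. The following is an added example, not part of the original article. It assumes a SQL Server back end and a conn.asp that exposes an open connection named conn; MARKER and the variable names are placeholders chosen here.

```vbscript
<!--#include file="conn.asp"-->
<%
' Added example: read-only audit, run after the backup and before the clean-up.
' Assumptions: conn.asp provides an open ADODB.Connection named conn, the back end is
' SQL Server, and MARKER is a placeholder for the string injected into your data.
Const MARKER = "put the JS trojan content here"
Server.ScriptTimeout = 180
Function IsCharType(t) ' the ADO character types the clean-up script handles
    Select Case CInt(t)
        Case 129, 130, 200, 201, 202, 203: IsCharType = True
        Case Else: IsCharType = False
    End Select
End Function
Function NzLong(v) ' SUM() returns NULL when the table is empty
    If IsNull(v) Then NzLong = 0 Else NzLong = CLng(v)
End Function

Dim schemaRs, colsRs, countRs, i, tbl, col, limit, sql, hits, longRows
Set schemaRs = conn.OpenSchema(20) ' 20 = adSchemaTables
Do Until schemaRs.EOF
    If schemaRs("TABLE_TYPE") = "TABLE" Then
        tbl = schemaRs("TABLE_NAME")
        Set colsRs = Server.CreateObject("ADODB.Recordset")
        colsRs.Open "SELECT * FROM [" & tbl & "] WHERE 1 = 0", conn, 1, 1 ' column metadata only
        For i = 0 To colsRs.Fields.Count - 1
            If IsCharType(colsRs(i).Type) Then
                col = colsRs(i).Name
                ' DATALENGTH counts bytes: wide types (130, 202, 203) use 2 per character,
                ' narrow types are assumed to use a single-byte code page
                If colsRs(i).Type = 130 Or colsRs(i).Type = 202 Or colsRs(i).Type = 203 Then limit = 16000 Else limit = 8000
                sql = "SELECT SUM(CASE WHEN CHARINDEX('" & Replace(MARKER, "'", "''") & _
                      "', CAST([" & col & "] AS varchar(8000))) > 0 THEN 1 ELSE 0 END), " & _
                      "SUM(CASE WHEN DATALENGTH([" & col & "]) > " & limit & " THEN 1 ELSE 0 END) " & _
                      "FROM [" & tbl & "]"
                Set countRs = conn.Execute(sql)
                hits = NzLong(countRs(0).Value)
                longRows = NzLong(countRs(1).Value)
                countRs.Close
                If hits > 0 Or longRows > 0 Then
                    Response.Write Server.HTMLEncode(tbl & "." & col & ": " & hits & " row(s) contain the marker, " & _
                        longRows & " row(s) exceed 8000 characters") & "<br>"
                End If
            End If
        Next
        colsRs.Close
    End If
    schemaRs.MoveNext
Loop
Response.Write "Audit finished"
%>
```

Columns that report rows over 8000 characters are the ones to compare against the backup after the clean-up has run.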
Step Three:
Based on the characteristics of database JS injection (the injected content contains strings such as <script, </script> and http://), put the following code in conn.asp:
Function Cheack_Sqljs() ' Guard against off-site JS being injected into the database: True means off-site JS injection was detected
    Dim F_Post, F_Get
    Cheack_Sqljs = False
    If Request.Form <> "" Then ' check form submissions
        For Each F_Post In Request.Form
            If (InStr(LCase(Request.Form(F_Post)), "<script") <> 0 Or InStr(LCase(Request.Form(F_Post)), "</script>") <> 0) And InStr(LCase(Request.Form(F_Post)), "http://") <> 0 Then
                Cheack_Sqljs = True
                Exit For
            End If
        Next
    End If
    If Request.QueryString <> "" Then ' check QueryString submissions
        For Each F_Get In Request.QueryString
            If (InStr(LCase(Request.QueryString(F_Get)), "<script") <> 0 Or InStr(LCase(Request.QueryString(F_Get)), "</script>") <> 0) And InStr(LCase(Request.QueryString(F_Get)), "http://") <> 0 Then
                Cheack_Sqljs = True
                Exit For
            End If
        Next
    End If
End Function
Function CheckDataFrom() ' Check the source of submitted data: True means the data was submitted from outside the site
    Dim server_v1, server_v2
    CheckDataFrom = False
    server_v1 = CStr(Request.ServerVariables("HTTP_REFERER"))
    server_v2 = CStr(Request.ServerVariables("SERVER_NAME"))
    ' Position 8 skips the 7 characters of "http://"; a request with no Referer also counts as off-site
    If Mid(server_v1, 8, Len(server_v2)) <> server_v2 Then
        CheckDataFrom = True
    End If
End Function
If Cheack_Sqljs Or CheckDataFrom Then
    Response.Write "<script language=javascript>alert('Forbidden to execute, illegal operation.');</script>"
    Response.End
End If