Malicious code injected at the end of fields in SQL Server database tables

Source: Internet
Author: User

A friend's SQL Server database was injected, and he asked me for help. Searching turned up the script below, which replaces a value across every table. Note: the database is SQL 2000.

```sql
-- Find all tables and replace a value
-- Note: b and c are not joined, so the type filter does not restrict the columns returned
declare @t varchar(255), @c varchar(255)
declare table_cursor cursor for
    select a.name, b.name
    from sysobjects a, syscolumns b, systypes c
    where a.id = b.id and a.xtype = 'U'
      and c.name in ('char', 'nchar', 'nvarchar', 'varchar', 'text', 'ntext')
declare @str varchar(500), @str2 varchar(500)
/* content to be replaced; REPLACE only matches the text exactly as it is stored */
set @str = '<style>. ava8 {position: absolute; clip: rect (pixel PX, auto, auto, pixel px) ;}</style> <div class = ava8> <a href = http://3mincashadvance.com > Installment loans </a> </div>'
set @str2 = ''
open table_cursor
fetch next from table_cursor into @t, @c
while (@@fetch_status = 0)
begin
    exec('update [' + @t + '] set [' + @c + '] = replace(cast([' + @c + '] as varchar(8000)), ''' + @str + ''', ''' + @str2 + ''')')
    fetch next from table_cursor into @t, @c
end
close table_cursor
deallocate table_cursor;
```

The script above reports errors on some records and does not clean everything up. The problem is solved in two steps instead:

1. Find the tables and fields where the malicious code is located.
2. Use a REPLACE statement on each field of each table that was found.

The first script finds a value:

```sql
-- Find a value
declare @str varchar(100)
set @str = 'ava8'
declare @s varchar(8000)
declare tb cursor local for
    select s = 'if exists (select 1 from [' + b.name + '] where [' + a.name + '] like ''%' + @str + '%'') print ''table and field: [' + b.name + '].[' + a.name + ']'''
    from syscolumns a join sysobjects b on a.id = b.id
    where b.xtype = 'U' and a.status >= 0
      and a.xusertype in (175, 239, 231, 167)   -- char, nchar, nvarchar, varchar
open tb
fetch next from tb into @s
while @@fetch_status = 0
begin
    exec(@s)
    fetch next from tb into @s
end
close tb
deallocate tb
```

The following script does the manual replacement once the table and field have been found:

```sql
declare @t varchar(5000)     -- table name
declare @c varchar(5000)     -- field name
declare @str varchar(5000)   -- malicious code
declare @str2 varchar(5000)  -- value after replacement, usually ''
set @t = 'favorites'
set @c = 'title image'
-- set @str = '<style>. ava8 {position: absolute; clip: rect (pixel PX, auto, auto, pixel px) ;}</style>'
set @str = '<style>. ava8 {position: absolute; clip: rect (pixel PX, auto, auto, pixel px );} </style> <div class = ava8> <a'
set @str2 = ''
exec('update [' + @t + '] set [' + @c + '] = replace(cast([' + @c + '] as varchar(8000)), ''' + @str + ''', ''' + @str2 + ''')')
```
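As an added example (not part of the original article), the two steps above can be combined into a dry run for SQL Server 2000: it joins each column to its own type in systypes, counts the rows containing the marker, and generates one UPDATE per affected column that touches only matching rows. The temp table `#found`, the `@payload` variable and the 8000-byte guard are assumptions of this example; rows over 8000 bytes are reported rather than rewritten, because the CAST to varchar(8000) or nvarchar(4000) would truncate them.

```sql
-- Added example (not from the original page): dry run for SQL Server 2000.
-- Nothing is modified; the UPDATE statements are only generated for review.
DECLARE @marker varchar(100), @pat varchar(102)
SET @marker = 'ava8'                 -- search marker used on the page
SET @pat    = '%' + @marker + '%'

CREATE TABLE #found (tbl nvarchar(520), col sysname, cast_type varchar(20),
                     hits int, oversized int)

DECLARE @t nvarchar(520), @c sysname, @cast varchar(20), @sql nvarchar(4000)
DECLARE col_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT QUOTENAME(USER_NAME(o.uid)) + N'.' + QUOTENAME(o.name), c.name,
           CASE WHEN ty.name IN ('nchar', 'nvarchar', 'ntext')
                THEN 'nvarchar(4000)' ELSE 'varchar(8000)' END
    FROM sysobjects o
    JOIN syscolumns c  ON c.id = o.id
    JOIN systypes   ty ON ty.xusertype = c.xusertype  -- ties each column to its own type
    WHERE o.xtype = 'U' AND c.iscomputed = 0
      AND ty.name IN ('char', 'nchar', 'varchar', 'nvarchar', 'text', 'ntext')

OPEN col_cursor
FETCH NEXT FROM col_cursor INTO @t, @c, @cast
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Count affected rows, and rows over 8000 bytes that the CAST would truncate.
    SET @sql = N'INSERT #found (tbl, col, cast_type, hits, oversized) '
             + N'SELECT @tbl, @col, @cast, COUNT(*), '
             + N'SUM(CASE WHEN DATALENGTH(' + QUOTENAME(@c) + N') > 8000 THEN 1 ELSE 0 END) '
             + N'FROM ' + @t + N' WHERE ' + QUOTENAME(@c) + N' LIKE @pat '
             + N'HAVING COUNT(*) > 0'
    EXEC sp_executesql @sql,
         N'@tbl nvarchar(520), @col sysname, @cast varchar(20), @pat varchar(102)',
         @tbl = @t, @col = @c, @cast = @cast, @pat = @pat
    FETCH NEXT FROM col_cursor INTO @t, @c, @cast
END
CLOSE col_cursor
DEALLOCATE col_cursor

-- One row per affected column. Declare @payload with the exact injected text
-- before running a generated statement; oversized rows are left for manual repair.
SELECT tbl, col, hits, oversized,
       N'UPDATE ' + tbl + N' SET ' + QUOTENAME(col) + N' = REPLACE(CAST(' + QUOTENAME(col)
       + N' AS ' + cast_type + N'), @payload, '''') WHERE ' + QUOTENAME(col)
       + N' LIKE ''' + REPLACE(@pat, '''', '''''') + N''' AND DATALENGTH('
       + QUOTENAME(col) + N') <= 8000' AS reviewed_update
FROM #found
ORDER BY tbl, col

DROP TABLE #found
```

Take a backup before running any generated statement, and compare the `hits` count with the number of rows each UPDATE reports.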
