資料庫被批量注入解決辦法(SQL語句)

針對最近老是出現的SQL注入，借鑒網上一些SQL語句，寫了如下語句。希望對中招的朋友有所幫助。

使用方法：複制以下代碼到SQL查詢分析器，将‘<script src=http://cn.jxmmtv.com/cn.js></script>’修改成被注入的腳本。

declare @delStr nvarchar(500)

set @delStr='<script src=http://cn.jxmmtv.com/cn.js></script>'

set nocount on

declare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult int

declare @sql nvarchar(4000)

set @iResult=0

declare cur cursor for

select name,id from sysobjects where xtype='U'

open cur

fetch next from cur into @tableName,@tbID

while @@fetch_status=0

begin

   declare cur1 cursor for

        --xtype in (231,167,239,175) 為char,varchar,nchar,nvarchar類型35為text,99為ntext

        select name from syscolumns where xtype in (35,99) and [email protected]

   open cur1

   fetch next from cur1 into @columnName

   while @@fetch_status=0

   begin

      set @sql = 'update ['+ @tableName +']   set [' +  @columnName+ '] = replace(cast([' + @columnName + '] as varchar(8000)) ,''' + @delStr + ''','''') where ['[email protected]+'] like ''%'[email protected]+'%'''   

      --execute sp_executesql @sql  --第一次運作,先注釋掉本句,檢視資料庫被破壞情況,根據情況選擇是否啟用該語句

      set @iRow=@@rowcount

      set @[email protected][email protected]

      print @sql

      fetch next from cur1 into @columnName        

      set     @sql='declare @rowValue varchar(4000);

                  declare @indexofstr int;

                  --declare @badrowcount int;

                  --declare @normalrowcount int;

                  set @badrowcount  = 0

                  set @normalrowcount = 0

                  declare cur2 cursor for select ['+ @columnName +'] from [' + @tableName + '];

                  open cur2;fetch next from cur2 into @rowValue;

                  while @@fetch_status=0

                  begin

                      select @indexofstr = charindex('''[email protected]+''',@rowValue);

                      if(@indexofstr>0)

                            set @badrowcount  = @badrowcount + 1;

                      else

                           set @normalrowcount  = @normalrowcount + 1;

                      fetch next from cur2 into @rowValue;

                  end;

                  close cur2;

                  deallocate cur2;

                  select @maxlength  = max(DATALENGTH( ['+ @columnName +']  )) from [' + @tableName + '] '

      declare @badrowcount int,@normalrowcount int,@maxlength int

      execute sp_executesql @sql,N'@badrowcount int output,@normalrowcount int output,@maxlength int output',@badrowcount output, @normalrowcount output,@maxlength output      

      print '表名:[' +  @tableName  + '] 列名:[' +  @columnName +']'

      print '包含字元串行數:'   + cast (@badrowcount as varchar(20))

      print '不包含字元串行數:' + cast (@normalrowcount as varchar(20))

      print '本列最長字元串長度:' + cast (@maxlength as varchar(20))

      print ''

   end

   close cur1

   deallocate cur1

   fetch next from cur into @tableName,@tbID

end

close cur

deallocate cur

print '資料庫共有'+convert(varchar(10),@iResult)+'條記錄被更新'