刪除SQL隱碼攻擊的程式碼

iSQlServer發表於2009-08-13


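-- Purpose: remove a known injected string (for example a script tag written by
-- a mass SQL injection) from every text-like column of every user table in
-- the current database (SQL Server, legacy sysobjects/syscolumns catalog).
--
-- Before running:
--   * Take a backup and try the script on a copy first; it rewrites user data.
--   * This only cleans stored data. The injectable query in the application
--     must still be fixed (parameterized), or the data will be re-infected.
--   * Table names are used unqualified, as in the original script, so tables
--     outside the caller's default schema are not resolved.
declare @t sysname,             -- current table name
        @c sysname,             -- current column name
        @x int,                 -- syscolumns.xtype of the current column
        @ty nvarchar(20),       -- type used for the cast inside REPLACE
        @sql nvarchar(4000),    -- dynamic UPDATE statement
        @inScript varchar(8000) -- exact string to strip from the data

-- The literal that followed "set @inScript='" was lost from the published
-- page (the quote was never closed). Replace the placeholder below with the
-- exact injected string found in the affected rows.
set @inScript = '<INJECTED_STRING_PLACEHOLDER>'

-- REPLACE with an empty search string changes nothing, and an unedited
-- placeholder means the operator has not configured the script yet.
if @inScript is null or @inScript = '' or @inScript = '<INJECTED_STRING_PLACEHOLDER>'
begin
    raiserror('Set @inScript to the exact injected string before running.', 16, 1)
    return
end

-- xtype: 99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar.
-- 'U' (user table) is upper case so the filter also matches under a
-- case-sensitive collation.
declare table_cursor cursor for
    select a.name, b.name, b.xtype
    from sysobjects a
    inner join syscolumns b
        on a.id = b.id
    where a.xtype = 'U'
      and b.xtype in (99, 35, 231, 167)

open table_cursor
fetch next from table_cursor into @t, @c, @x

while (@@fetch_status = 0)
begin
    -- Keep Unicode columns Unicode: casting ntext/nvarchar to varchar would
    -- replace characters outside the code page with '?'.
    -- NOTE: a search string longer than 4000 characters is truncated by the
    -- nvarchar cast below.
    if @x in (99, 231)
        set @ty = N'nvarchar(4000)'
    else
        set @ty = N'varchar(8000)'

    -- QUOTENAME escapes ']' inside identifiers; the search string is passed as
    -- a parameter, so quotes inside it cannot break the statement.
    -- The WHERE clause touches only rows that contain the string and whose
    -- value fits in the cast (8000 bytes); longer values would be silently
    -- truncated by the cast, so they are skipped and must be handled separately.
    set @sql = N'update ' + quotename(@t)
             + N' set ' + quotename(@c)
             + N' = replace(cast(' + quotename(@c) + N' as ' + @ty + N'), cast(@p as ' + @ty + N'), '''')'
             + N' where datalength(' + quotename(@c) + N') <= 8000'
             + N' and charindex(cast(@p as ' + @ty + N'), cast(' + quotename(@c) + N' as ' + @ty + N')) > 0'

    exec sp_executesql @sql, N'@p varchar(8000)', @p = @inScript

    fetch next from table_cursor into @t, @c, @x
end

close table_cursor
deallocate table_cursor;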

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/16436858/viewspace-612111/,如需轉載,請註明出處,否則將追究法律責任。
