上一篇
下一篇
mssql被注入js的解决办法
作者:阿标 日期:2009-08-09
发现网站后台登陆不了了,打开前台页面一看,asp页面变得惨不忍睹.
动态显示的内容被插入了"<script src=http://s1.XXXX.com/jp.js></script>"这样的垃圾代码.
赶紧打开我的mssql,TMD,数据库比前台还难看.
大概看了一下,varchar nvarchar varchar ntext,text 类型的字段都被加入的垃圾代码.
八成是被注入了,网站页面和程序太多,难免会顾此失彼.唉~~~
解决之道分三步走
被注入数据库的还原
因为表比较多,所以决定批量replace掉.
在查询分析器里面运行下面的代码:
varchar是你要生成替换语句的字段类型
<script src=http://s1.XXX.com/jp.js></script> 是垃圾代码
Select 'update' AS tt, dbo.sysobjects.name, ' set ' AS tt1,
dbo.syscolumns.name AS Expr1, '=replace( ' AS tt2, dbo.syscolumns.name AS Expr2,
',''<script src=http://s1.XXX.com/jp.js></script>'','''' ); ' AS tt3
FROM dbo.syscolumns INNER JOIN
dbo.sysobjects ON dbo.syscolumns.id = dbo.sysobjects.id INNER JOIN
dbo.systypes ON dbo.syscolumns.xtype = dbo.systypes.xtype
Where (dbo.sysobjects.type = 'U') AND (dbo.syscolumns.name <> 'sn') AND
(dbo.systypes.name = 'nvarchar')
对于ntext,text的更新 用replace是不行的,查询了很多资料,发现可以用cast把它映射成varchar字段,然后替换既可,
批量替换生成查询语句如下:
Select 'update' AS tt, dbo.sysobjects.name, ' set ' AS tt1,
dbo.syscolumns.name AS Expr1, '=replace(cast( ' AS tt2, dbo.syscolumns.name+' as varchar(8000))' AS Expr2,
',''<script src=http://s1.XXX.com/jp.js></script>'','''' ); ' AS tt3
FROM dbo.syscolumns INNER JOIN
dbo.sysobjects ON dbo.syscolumns.id = dbo.sysobjects.id INNER JOIN
dbo.systypes ON dbo.syscolumns.xtype = dbo.systypes.xtype
Where (dbo.sysobjects.type = 'U') AND (dbo.syscolumns.name <> 'sn') AND
(dbo.systypes.name = 'ntext')
动态显示的内容被插入了"<script src=http://s1.XXXX.com/jp.js></script>"这样的垃圾代码.
赶紧打开我的mssql,TMD,数据库比前台还难看.
大概看了一下,varchar nvarchar varchar ntext,text 类型的字段都被加入的垃圾代码.
八成是被注入了,网站页面和程序太多,难免会顾此失彼.唉~~~
解决之道分三步走
被注入数据库的还原
因为表比较多,所以决定批量replace掉.
在查询分析器里面运行下面的代码:
varchar是你要生成替换语句的字段类型
<script src=http://s1.XXX.com/jp.js></script> 是垃圾代码
Select 'update' AS tt, dbo.sysobjects.name, ' set ' AS tt1,
dbo.syscolumns.name AS Expr1, '=replace( ' AS tt2, dbo.syscolumns.name AS Expr2,
',''<script src=http://s1.XXX.com/jp.js></script>'','''' ); ' AS tt3
FROM dbo.syscolumns INNER JOIN
dbo.sysobjects ON dbo.syscolumns.id = dbo.sysobjects.id INNER JOIN
dbo.systypes ON dbo.syscolumns.xtype = dbo.systypes.xtype
Where (dbo.sysobjects.type = 'U') AND (dbo.syscolumns.name <> 'sn') AND
(dbo.systypes.name = 'nvarchar')
对于ntext,text的更新 用replace是不行的,查询了很多资料,发现可以用cast把它映射成varchar字段,然后替换既可,
批量替换生成查询语句如下:
Select 'update' AS tt, dbo.sysobjects.name, ' set ' AS tt1,
dbo.syscolumns.name AS Expr1, '=replace(cast( ' AS tt2, dbo.syscolumns.name+' as varchar(8000))' AS Expr2,
',''<script src=http://s1.XXX.com/jp.js></script>'','''' ); ' AS tt3
FROM dbo.syscolumns INNER JOIN
dbo.sysobjects ON dbo.syscolumns.id = dbo.sysobjects.id INNER JOIN
dbo.systypes ON dbo.syscolumns.xtype = dbo.systypes.xtype
Where (dbo.sysobjects.type = 'U') AND (dbo.syscolumns.name <> 'sn') AND
(dbo.systypes.name = 'ntext')
文章来自: 
引用通告: 
Tags: 
相关日志:
评论: 0 | 引用: 0 | 查看次数: 450
发表评论
