仅需2步修复被注入的sql server

 很多网站经常被当“肉站”来研究并注入，之后数据库所有表的所有char,varchar,nchar,nvarchar类型的字段值都被加上了一段JS

此时除了查找程序漏洞外 ，迫切要做的是恢复数据库，这里有一段SQL，你只要进入查询分析器 指定被注入的数据库，然后运行即可。

注意：第二行的js换成你数据库中被植入的JS，其他不用改。

 

declare @delStr nvarchar(500)set @delStr='<script src=http://3b3.org/c.js></script>'set nocount ondeclare @tableName nvarchar(100),@columnName nvarchar(100),@tbID int,@iRow int,@iResult intdeclare @sql nvarchar(500)set @iResult=0declare cur cursor forselect name,id from sysobjects where xtype='U'open curfetch next from cur into @tableName,@tbIDwhile @@fetch_status=0begin   declare cur1 cursor for        --xtype in (231,167,239,175) 为char,varchar,nchar,nvarchar类型        select name from syscolumns where xtype in (231,167,239,175) and id=@tbID   open cur1   fetch next from cur1 into @columnName   while @@fetch_status=0   begin      begin try         set @sql='update [' + @tableName + '] set ['+ @columnName +']= replace(['+@columnName+'],'''+@delStr+''','''') where ['+@columnName+'] like ''%'+@delStr+'%'''                   exec sp_executesql @sql               set @iRow=@@rowcount         set @iResult=@iResult+@iRow         if @iRow>0          begin            print '表：[' + @tableName + '],列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'         end            end try       begin catch      end catch      fetch next from cur1 into @columnName   end   close cur1   deallocate cur1      fetch next from cur into @tableName,@tbIDendprint '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'close curdeallocate curset nocount off