SQL Injection Removal

25 pts.
Tags: Database security, SQL, SQL injection, Web security
How can I remove all instances of the following from my database? <script src=http://www.jic2.ru/script.js></script> Thanks, Bosco

Answer Wiki


Here is some code which I’ve thrown together to handle this. I’ll be posting it on my blog in a bit. Just set the value of the @InsertedValue variable and you should be good to go.

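<pre>
DECLARE @sql NVARCHAR(4000)
DECLARE @InsertedValue NVARCHAR(1000)
-- Set this to the exact string that was injected.
SET @InsertedValue = 'The Script tags which were inserted'
-- Double any single quotes so the value can be embedded in the generated statements.
SET @InsertedValue = REPLACE(@InsertedValue, '''', '''''')
-- Generate one UPDATE per character-typed column in every user table (xtype = 'U').
DECLARE cur CURSOR FOR
select 'update [' + sysusers.name + '].[' + sysobjects.name + ']
set [' + syscolumns.name + '] = replace([' + syscolumns.name + '], ''' + @InsertedValue + ''', '''')'
from syscolumns
join sysobjects on syscolumns.id = sysobjects.id
and sysobjects.xtype = 'U'
join sysusers on sysobjects.uid = sysusers.uid
-- xtype: 35 text, 98 sql_variant, 99 ntext, 167 varchar, 175 char, 231 nvarchar, 239 nchar, 241 xml.
-- REPLACE() does not accept text or ntext arguments, so those columns need a CAST before they can be cleaned.
where syscolumns.xtype in (35, 98, 99, 167, 175, 231, 239, 241)
OPEN cur
FETCH NEXT FROM cur INTO @sql
-- Run each generated UPDATE in turn.
WHILE @@FETCH_STATUS = 0
BEGIN
exec (@sql)
FETCH NEXT FROM cur INTO @sql
END
CLOSE cur
DEALLOCATE cur</pre>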
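
Before running the updates, it helps to know which columns actually hold the injected string and how many rows are affected. The read-only inventory below is an added example, not part of the original answer; it assumes the same SQL Server compatibility views the answer uses, and the names #hits and @pattern are hypothetical.

```sql
SET NOCOUNT ON
DECLARE @sql NVARCHAR(4000)
DECLARE @InsertedValue NVARCHAR(1000)
DECLARE @pattern NVARCHAR(3000)
-- Same placeholder as the answer's script: set it to the exact injected string.
SET @InsertedValue = 'The Script tags which were inserted'
-- Escape LIKE wildcards ([ first, then % and _) so the value matches literally.
SET @pattern = REPLACE(REPLACE(REPLACE(@InsertedValue, '[', '[[]'), '%', '[%]'), '_', '[_]')
SET @pattern = REPLACE(@pattern, '''', '''''')  -- double quotes for the generated SQL
-- #hits (hypothetical name) collects one row per scanned column.
CREATE TABLE #hits (owner_name NVARCHAR(128), table_name NVARCHAR(128),
    column_name NVARCHAR(128), row_count INT)
-- Generate one COUNT(*) per character column; nothing is modified.
DECLARE cur CURSOR FOR
select 'insert into #hits select '
     + QUOTENAME(sysusers.name, '''') + ', '
     + QUOTENAME(sysobjects.name, '''') + ', '
     + QUOTENAME(syscolumns.name, '''') + ', count(*) from '
     + QUOTENAME(sysusers.name) + '.' + QUOTENAME(sysobjects.name)
     + ' where ' + QUOTENAME(syscolumns.name) + ' like ''%' + @pattern + '%'''
from syscolumns
join sysobjects on syscolumns.id = sysobjects.id
    and sysobjects.xtype = 'U'
join sysusers on sysobjects.uid = sysusers.uid
-- text, ntext, varchar, char, nvarchar, nchar: types LIKE can search directly.
where syscolumns.xtype in (35, 99, 167, 175, 231, 239)
OPEN cur
FETCH NEXT FROM cur INTO @sql
WHILE @@FETCH_STATUS = 0
BEGIN
    exec (@sql)
    FETCH NEXT FROM cur INTO @sql
END
CLOSE cur
DEALLOCATE cur
-- Report only the columns that contain the string, most affected first.
select owner_name, table_name, column_name, row_count
from #hits
where row_count > 0
order by row_count desc
DROP TABLE #hits
```

An empty result after the cleanup has run confirms that no copy of the string remains in those column types.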
