批量替换sqlserver数据库挂马字段并防范sql注入攻击的代码
有时候网站sqlserver数据库被挂马了,网上的很多软件与方法都是针对text小于8000的,这里的方法貌似可行,需要的朋友可以参考下。
首先备份数据库,以防不必要的损失。而后对所有被挂马的小于8000字符的varchar字段执行
代码如下:
update 表名 set 字段名=replace(字段名,'','')
其中为挂马字段。执行后挂马字段被清除。但是有部分字段,比如内容字段等大于8000字符的varchar字段则需要执行
代码如下:
update 表名 set 表项=replace(cast(表项 as varchar(8000)),' ','')
来更新被挂马字段,而房产网由于内容比较多,执行以上语句的时候会发生假死现象,于是加个区间分两次进行,一次处理15000条得以解决。
代码如下:
update 表名 set 表项=replace(cast(表项 as varchar(8000)),' ','') where id>1 and id
以上被挂马问题一般都是sql数据库,这是sql数据库特有的注入漏洞。换数据库不现实,只能针对以上情况进行防范。思路就是在所有数据库链接请求那里做相应的过滤。
代码如下:
Response.Buffer = True '缓存页面
'防范get注入
If Request.QueryString "" Then StopInjection(Request.QueryString)
'防范post注入
If Request.Form "" Then StopInjection(Request.Form)
'防范cookies注入
If Request.Cookies "" Then StopInjection(Request.Cookies)
'正则子函数
Function StopInjection(Values)
Dim regEx
Set regEx = New RegExp
regEx.IgnoreCase = True
regEx.Global = True
regEx.Pattern = "'|;|#|([\s\b+()]+([email=select%7Cupdate%7Cinsert%7Cdelete%7Cdeclare%7C@%7Cexec%7Cdbcc%7Calter%7Cdrop%7Ccreate%7Cbackup%7Cif%7Celse%7Cend%7Cand%7Cor%7Cadd%7Cset%7Copen%7Cclose%7Cuse%7Cbegin%7Cretun%7Cas%7Cgo%7Cexists)[/s/b]select|update|insert|delete|declare|@|exec|dbcc|alter|drop|create|backup|if|else|end|and|or|add|set|open|close|use|begin|retun|as|go|exists)[\s\b[/email]+]*)"
Dim sItem, sValue
For Each sItem In Values
sValue = Values(sItem)
If regEx.Test(sValue) Then
Response.Write ""
Response.End
End If
Next
Set regEx = Nothing
End function
%>
做一个通用的sql防注入页面,把它包含在conn.asp数据库连接语句里边,这样就实现了全站的防范 sql 注入的攻击了。但是前台的类似?id=这样的语句还是存在注入漏洞,需要我们严格过滤 request.form 和 request.querystring 获取的内容。坚决不用 request("name") 这样的方式获取值,凡是采用 cookies 保存的内容,尽量不要用在sql语句里进行查询数据库操作。
如果不熟悉sqlserver的朋友可以用软件来实现
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
How to import mdf file into sqlserver
Apr 08, 2024 am 11:41 AM
The import steps are as follows: Copy the MDF file to SQL Server's data directory (usually C:\Program Files\Microsoft SQL Server\MSSQL\DATA). In SQL Server Management Studio (SSMS), open the database and select Attach. Click the Add button and select the MDF file. Confirm the database name and click the OK button.
How to solve the problem that the object named already exists in the sqlserver database
Apr 05, 2024 pm 09:42 PM
For objects with the same name that already exist in the SQL Server database, the following steps need to be taken: Confirm the object type (table, view, stored procedure). IF NOT EXISTS can be used to skip creation if the object is empty. If the object has data, use a different name or modify the structure. Use DROP to delete existing objects (use caution, backup recommended). Check for schema changes to make sure there are no references to deleted or renamed objects.
How to check sqlserver port number
Apr 05, 2024 pm 09:57 PM
To view the SQL Server port number: Open SSMS and connect to the server. Find the server name in Object Explorer, right-click it and select Properties. In the Connection tab, view the TCP Port field.
What to do if the sqlserver service cannot be started
Apr 05, 2024 pm 10:00 PM
When the SQL Server service fails to start, here are some steps to resolve: Check the error log to determine the root cause. Make sure the service account has permission to start the service. Check whether dependency services are running. Disable antivirus software. Repair SQL Server installation. If the repair does not work, reinstall SQL Server.
How to recover accidentally deleted database in sqlserver
Apr 05, 2024 pm 10:39 PM
If you accidentally delete a SQL Server database, you can take the following steps to recover: stop database activity; back up log files; check database logs; recovery options: restore from backup; restore from transaction log; use DBCC CHECKDB; use third-party tools. Please back up your database regularly and enable transaction logging to prevent data loss.
Where is the sqlserver database?
Apr 05, 2024 pm 08:21 PM
SQL Server database files are usually stored in the following default location: Windows: C:\Program Files\Microsoft SQL Server\MSSQL\DATALinux: /var/opt/mssql/data The database file location can be customized by modifying the database file path setting.
How to solve Java connection SqlServer error
May 01, 2023 am 09:22 AM
The problem was found that this time I was using the SqlServer database, which I had not used before, but the problem was not serious. After I connected the SqlServer according to the steps in the requirements document, I started the SpringBoot project and found an error, as follows: At first I thought it was a SqlServer connection. There was a problem, so I went to check the database and found that everything was normal. I first asked my colleagues if they had such a problem, and found that they did not, so I started my best part, facing Baidu. programming. The specific error message I started to solve was this, so I started Baidu error reporting: ERRORc.a.d.p.DruidDataSource$CreateCo
How to batch replace in pycharm
Dec 07, 2023 pm 05:27 PM
Pycharm can perform batch replacement by using the search and replace function, combining regular expressions for advanced replacement, using the code refactoring function, using Structural Search and Replace and importing external tools for batch replacement. Detailed introduction: 1. Use the search and replace function, open PyCharm, open the project or folder to be batch replaced, etc.
