Cleaning After An Sql injection.


RobHat (Technical User, GB), Nov 30, 2007
Hi there - we have recently had what seems to be an SQL injection attack - but this time the code inserted into DB fields appears to be random links to other sites. When I say random, I mean that each row within the table has had different content appended to the original content. I've attached an example of what has been appended.

The main part of it is within <SPAN STYLE='display:none'> </SPAN> followed by a comment within <!-- -->. The format of the injection appears consistent throughout although the content differs between the start/end tags inserted. I hope this makes sense!

I need to clean the database of all this additional content obviously. I have a script that cleans the db from previous attacks - but the difference here is that content to be removed varies throughout each row. Is there a way to UPDATE by removing from <SPAN STYLE='display:none'> UNTIL -->

I hope this makes sense. And thanks in advance.

Rob

You might try posting this thread in a SQL forum and have better luck. But if I am understanding what you need, this might work for you... First, you need a function that can find the "nth" occurrence of a character(s). See below. Once you have that function you can update the table(s) affected.

Find "nth" occurrence function for a SQL Server database.

-- Returns the 1-based position of the @Ordinal-th occurrence of @Delimiter
-- in @Input, or 0 if there are fewer than @Ordinal occurrences.
-- @Delimiter is varchar(8000) rather than char(1): the update below passes
-- '<SPAN', which a char(1) parameter would silently truncate to '<'.
CREATE FUNCTION fnNthIndex(@Input varchar(8000), @Delimiter varchar(8000), @Ordinal int)
RETURNS int
AS
BEGIN
    DECLARE @Pointer int, @Last int, @Count int
    SET @Pointer = 1    -- position to start the next search from
    SET @Last = 0       -- result; stays 0 when not found
    SET @Count = 1      -- which occurrence we are currently on
    WHILE 1 = 1
    BEGIN
        SET @Pointer = CHARINDEX(@Delimiter, @Input, @Pointer)
        IF @Pointer = 0 BREAK            -- no further occurrences
        IF @Count = @Ordinal
        BEGIN
            SET @Last = @Pointer
            BREAK
        END
        SET @Count = @Count + 1
        SET @Pointer = @Pointer + 1      -- continue searching past this match
    END
    RETURN @Last
END

Then run an update query similar to this to remove the unwanted characters (assuming all characters to be removed are appended to good data). In this example I am assuming the affected table is called 'employee' and the affected field is called 'lastname'.

-- Keep everything before the first '<SPAN'; rows without it are left alone.
update employee
set lastname = left(lastname, dbo.fnNthIndex(lastname, '<SPAN', 1) - 1)
where dbo.fnNthIndex(lastname, '<SPAN', 1) > 0


Hope this helps.
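The removal Rob asked for in the original post (cut from <SPAN STYLE='display:none'> through the closing --> of the comment) can also be done in a single T-SQL UPDATE with CHARINDEX and STUFF, without a helper function. This is an added example, not code from either post; the table and column names (employee, lastname) are the ones the reply above assumed, and the sample rows are constructed to mirror the payload described in the question. It goes a little beyond the question by handling rows that were injected more than once and by leaving a row whose payload has no end marker for manual review instead of silently truncating it.

```sql
-- Added example (not from the thread): strip the injected block from the
-- opening <SPAN STYLE='display:none'> tag through the closing --> marker.
-- employee.lastname are the names the reply assumed; point them at the
-- affected table. The rows below are constructed test data in a temp table.

DECLARE @StartTag varchar(100)
DECLARE @EndTag   varchar(10)
SET @StartTag = '<SPAN STYLE=''display:none''>'
SET @EndTag   = '-->'

-- Constructed sample data: a normal hit, a row hit twice, a clean row,
-- and a row whose payload was cut off before the end marker.
CREATE TABLE #employee (id int, lastname varchar(8000))
INSERT INTO #employee (id, lastname) VALUES (1, 'Smith' + @StartTag + '<a href="http://one.example/">x</a></SPAN><!-- aaa ' + @EndTag)
INSERT INTO #employee (id, lastname) VALUES (2, 'Jones' + @StartTag + 'first</SPAN><!-- bbb ' + @EndTag + @StartTag + 'second</SPAN><!-- ccc ' + @EndTag)
INSERT INTO #employee (id, lastname) VALUES (3, 'Clean')
INSERT INTO #employee (id, lastname) VALUES (4, 'Brown' + @StartTag + 'payload cut off, no end marker')

-- Step 1: preview exactly what would be removed before touching anything.
SELECT id, lastname,
       CHARINDEX(@StartTag, lastname) AS start_pos,
       CHARINDEX(@EndTag, lastname, CHARINDEX(@StartTag, lastname)) AS end_pos
FROM   #employee
WHERE  CHARINDEX(@StartTag, lastname) > 0

-- Step 2: delete from the start tag through the end marker.
-- STUFF(str, start, length, '') removes `length` characters at `start`.
-- The end marker is searched for only AFTER the start tag, and the loop
-- repeats until no row contains both markers, so rows hit more than once
-- are cleaned completely. A row with the start tag but no end marker
-- (id 4) is deliberately not updated.
WHILE 1 = 1
BEGIN
    UPDATE #employee
    SET    lastname = STUFF(lastname,
                            CHARINDEX(@StartTag, lastname),
                            CHARINDEX(@EndTag, lastname, CHARINDEX(@StartTag, lastname))
                              + LEN(@EndTag)
                              - CHARINDEX(@StartTag, lastname),
                            '')
    WHERE  CHARINDEX(@StartTag, lastname) > 0
    AND    CHARINDEX(@EndTag, lastname, CHARINDEX(@StartTag, lastname)) > 0
    IF @@ROWCOUNT = 0 BREAK
END

-- Step 3: anything still carrying the start tag needs a human look.
SELECT id, lastname
FROM   #employee
WHERE  CHARINDEX(@StartTag, lastname) > 0

DROP TABLE #employee
```

Run the preview SELECT against a backup copy of the real table first; once the start/end positions look right, point the UPDATE at it. CHARINDEX follows the column's collation, so with the default case-insensitive collation a payload written as <span style='display:none'> is still matched. Cleaning the rows only removes this batch of payload: the query that accepted the injected input in the first place still has to be rewritten to use parameters (cfqueryparam in ColdFusion) or the table will be rewritten again.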
 
Hi there, sorry, I posted it here because the cleaner I was using was CF. It worked fine before, but for this one I am having no luck. I maybe should have mentioned that, lol.

Thanks for the response I will have a look through it now and get back to you.

Rob
 