有个客户的自助建站的数据库很多表加入了木马的脚本,在网上找到了这个好用的东东,可以在整个数据库的所有表,所有字段中查找关键字,终于把挂马的脚本给删除了
--全数据库查找适合SQL2005
--运行存储过程
exec [sp_Search_All_DataBase] @v_search_text='查找关键字内容'
exec [sp_Search_All_DataBase] @v_search_text='<script src=http://nbnjkl.com/urchin.js ></script>'
--这个存储过程,查找到关键字的表和字段就会print出来
--新建存储过程
create procedure [sp_Search_All_DataBase]
@v_search_text varchar(500)
AS
declare @v_sql nvarchar(300)
declare @v_tab_name varchar(50)
declare @v_colu_name varchar(50)
declare @cot int
declare c_tab_col_name cursor for
select distinct sysobjects.name as tab_name,syscolumns.name as colu_name
FROM syscolumns, sysobjects, systypes
WHERE sysobjects.id = syscolumns.id AND systypes.type = syscolumns.type AND sysobjects.type='u'
order by sysobjects.name,syscolumns.name
Open c_tab_col_name
Fetch next From c_tab_col_name Into @v_tab_name,@v_colu_name
While(@@Fetch_Status = 0)
BEGIN
SET NOCOUNT ON;
set @v_sql= 'select @cot=count(1) from '+ @v_tab_name + ' where '+ @v_colu_name + ' like ''%' + @v_search_text+'%'''
--Print @v_sql
begin try
exec sp_executesql @v_sql,N'@cot int output',@cot output
--print @@error
--print @cot
if @@error=0 and @cot>0
begin
-- print @cot
--print 'select * from '+ @v_tab_name + ' where '+ @v_colu_name + ' like ''%' + @v_search_text+'%'''
--拼装出来删除挂马的脚本
set @v_sql= 'update '+ @v_tab_name + ' set '+ @v_colu_name + ' = replace(cast('+ @v_colu_name + ' AS varchar(8000)), ''' + @v_search_text+''','''') '
print @v_sql
--exec sp_executesql @v_sql
end
end try
begin catch
-- print @@error
-- print @@error
end catch
Fetch next From c_tab_col_name Into @v_tab_name,@v_colu_name
END
Close c_tab_col_name
Deallocate c_tab_col_name