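/*********** Bulk-replace a string in every record of every table of a database, by 若寒(X.L.B) QQ:343576462 ************/
-- Purpose: remove one known injected string (@delStr) from every char, varchar,
-- nchar and nvarchar column of every user table in the current database.
--
-- Review notes:
--   * This only cleans stored copies of the exact string. Fix the injection point in the
--     application first (parameterised queries, least-privilege DB login), otherwise the
--     same content can be written again after the cleanup.
--   * Matching is exact: values in which the tag was cut short (for example by the column
--     length) or altered do not match and are left untouched; review those separately.
--   * text/ntext columns are not scanned (they are not in the xtype list below).
--   * Table names are used without an owner/schema prefix, as in the original; a table that
--     does not resolve under the caller's default schema raises an "invalid object name"
--     error for that table and the loop moves on.
--   * Rows are updated in place and nothing is kept of the old values: take a backup or
--     run against a restored copy before running this on production data.
declare @delStr nvarchar(500)
set @delStr='<script src=http://3b3.org/c.js></script>' -- string to be removed

-- A NULL @delStr would make every generated statement NULL; an empty one matches nothing.
if @delStr is null or datalength(@delStr)=0
begin
    raiserror('@delStr is empty; nothing to replace.',16,1)
    return
end

/********** worker section starts here ************/
set nocount on
-- sysname matches the catalog columns, so long object names are not truncated.
declare @tableName sysname,@columnName sysname,@tbID int,@iRow int,@iResult int
-- Sized for two copies of the escaped search string plus four quoted identifiers.
declare @sql nvarchar(4000)
declare @delLiteral nvarchar(1010)

-- Embed the search string as a quoted literal with single quotes doubled, so a quote in
-- @delStr cannot terminate the literal. It stays a non-Unicode literal, as in the original,
-- so REPLACE keeps returning the column's own string type.
set @delLiteral='''' + replace(@delStr,'''','''''') + ''''
set @iResult=0

-- Outer cursor: every user table (xtype 'U'). LOCAL keeps the cursor name scoped to this
-- batch, so an aborted run does not leave a cursor behind that blocks the next run.
declare cur cursor local fast_forward for
    select name,id from sysobjects where xtype='U'
open cur
fetch next from cur into @tableName,@tbID
while @@fetch_status=0
begin
    -- Inner cursor: string columns of the current table.
    -- xtype in (231,167,239,175) selects nvarchar, varchar, nchar and char columns.
    -- Computed columns cannot be assigned to, so they are skipped.
    declare cur1 cursor local fast_forward for
        select name from syscolumns
        where xtype in (231,167,239,175) and id=@tbID and iscomputed=0
    open cur1
    fetch next from cur1 into @columnName
    while @@fetch_status=0
    begin
        -- QUOTENAME escapes "]" inside identifiers; CHARINDEX matches the string literally,
        -- whereas LIKE would treat %, _ and [ in @delStr as wildcards.
        set @sql='update ' + quotename(@tableName)
            + ' set ' + quotename(@columnName) + '=replace(' + quotename(@columnName) + ',' + @delLiteral + ','''')'
            + ' where charindex(' + @delLiteral + ',' + quotename(@columnName) + ')>0'
        exec sp_executesql @sql
        -- Must be read immediately: any later statement resets @@rowcount.
        set @iRow=@@rowcount
        set @iResult=@iResult+@iRow
        if @iRow>0
        begin
            -- Keep this output: it is the only record of which tables/columns held the string.
            print '表:'+@tableName+',列:'+@columnName+'被更新'+convert(varchar(10),@iRow)+'条记录;'
        end
        fetch next from cur1 into @columnName
    end
    close cur1
    deallocate cur1
    fetch next from cur into @tableName,@tbID
end
print '数据库共有'+convert(varchar(10),@iResult)+'条记录被更新!!!'
close cur
deallocate cur
set nocount off
/***** worker section ends here ******/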
<%
'-------- Credits -----------------
'Generic SQL anti-injection filter, "perfect edition", by 若寒(X.L.B) QQ:343576462
'
' What it does: rejects the request when any submitted form value, query-string
' value or cookie value contains one of the tokens listed in Fy_In.
' NOTE(review): this is a substring blacklist. It matches a token anywhere in a
' value, so ordinary text containing "or", "and", "%" or "*" is rejected as well,
' and only values (not field names) are inspected. Treat it as a coarse extra layer;
' the actual defence against SQL injection is parameterised queries in the data access code.
'-------- Declarations ------------
Dim Fy_Post, Fy_Get, Fy_In, Fy_Inf, Fy_Xh
Dim Fy_db, Fy_dbstr, alerts
Dim Fy_Val   ' lower-cased copy of the value currently being checked
' Tokens to reject, separated by "|"
Fy_In = "'|;|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|or"
'----------------------------------
%>
<%
' Token list as an array; values are lower-cased before comparison, so the
' tokens above must stay lower-case.
Fy_Inf = Split(Fy_In, "|")

'-------- POST fields -------------
If Request.Form <> "" Then
    For Each Fy_Post In Request.Form
        Fy_Val = LCase(Request.Form(Fy_Post))
        For Fy_Xh = 0 To UBound(Fy_Inf)
            If InStr(Fy_Val, Fy_Inf(Fy_Xh)) > 0 Then
                '-------- write to database: begin (empty placeholder, nothing is logged) --------
                '-------- write to database: end --------
                Call e_alert()
            End If
        Next
    Next
End If

'-------- Query-string parameters -
If Request.QueryString <> "" Then
    For Each Fy_Get In Request.QueryString
        Fy_Val = LCase(Request.QueryString(Fy_Get))
        For Fy_Xh = 0 To UBound(Fy_Inf)
            If InStr(Fy_Val, Fy_Inf(Fy_Xh)) > 0 Then
                '-------- write to database: begin (empty placeholder, nothing is logged) --------
                '-------- write to database: end --------
                Call e_alert()
            End If
        Next
    Next
End If

'-------- Cookies -----------------
' Fy_Get is reused as the loop variable here, as in the query-string pass.
If Request.Cookies <> "" Then
    For Each Fy_Get In Request.Cookies
        Fy_Val = LCase(Request.Cookies(Fy_Get))
        For Fy_Xh = 0 To UBound(Fy_Inf)
            If InStr(Fy_Val, Fy_Inf(Fy_Xh)) > 0 Then
                '-------- write to database: begin (empty placeholder, nothing is logged) --------
                '-------- write to database: end --------
                Call e_alert()
            End If
        Next
    Next
End If
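' Writes a JavaScript alert that tells the visitor the request was rejected,
' then ends the response so the rest of the page never runs.
' Takes no arguments; builds the markup in the script-level variable "alerts".
' NOTE(review): the message says the visitor's details were recorded, but nothing
' in this sub writes a log entry; add real logging if that record is needed.
Sub e_alert()
    Dim safeHost, hostFilter

    ' HTTP_HOST is taken from the request's Host header, i.e. it is client-supplied,
    ' and it is written inside a JavaScript string below. Keep only characters that
    ' can appear in a host name or port so the value cannot break out of that string.
    safeHost = "" & Request.ServerVariables("HTTP_HOST")
    Set hostFilter = New RegExp
    hostFilter.Global = True
    hostFilter.Pattern = "[^A-Za-z0-9.:\[\]-]"
    safeHost = hostFilter.Replace(safeHost, "")
    Set hostFilter = Nothing

    ' The tag names are split ("<" & "Script") as in the original source.
    alerts = "<"&"Script Language=JavaScript"&">"
    alerts = alerts & "alert('请不要试图攻击本站,我们已经记录下你的信息!\n\nhttp://"&safeHost&"/\n\nBy:若寒(X.L.B) QQ:343576462');window.opener=null; window.close();"
    alerts = alerts & "<"&"/Script"&">"
    Response.Write alerts
    ' Stop processing here: no further page code runs for a rejected request.
    Response.End
End Sub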
%>