
Database hacked

  • 22-04-2008 4:55pm
    #1
    Registered Users Posts: 224 ✭✭


    Hi,

    One of the sites I did was attacked by a virus. Basically it's after inputting a line of code in a column which links to a dodgy bit of JavaScript. How can I remove the inputted line? It resembles this:

    text text text<script src=http://www.xyz.com/dodgyscript.js></script>.

    So basically I need to remove what’s between the <script> tags. There are about 9000 entries in this table.

    What SQL could I run on this to remove it from the column?


Comments

  • Registered Users Posts: 7,468 ✭✭✭Evil Phil


    What RDBMS is it?


  • Registered Users Posts: 224 ✭✭The Mighty Dubs


    It's Microsoft SQL Server 2000.


  • Moderators, Computer Games Moderators Posts: 10,410 Mod ✭✭✭✭Andrew76


    Hi there,

    Maybe try something like the following:
    DECLARE @SearchStr AS VARCHAR(200)
    SET @SearchStr = '<script src=http://www.xyz.com/dodgyscript.js></script>'
    
    UPDATE YourTable 
    SET YourColumn = REPLACE(YourColumn, @SearchStr, '') 
    WHERE CHARINDEX(@SearchStr, YourColumn) > 0 
    

    It assumes the dodgy string you want to replace is the same for every row. Also you might not need the WHERE clause at all. Hope it's of some use. Note: There is no space between those single quotations. :)


  • Registered Users Posts: 2,534 ✭✭✭FruitLover


    Also then fix the original problem, or you're going to be right back to square one soon enough.


  • Registered Users Posts: 224 ✭✭The Mighty Dubs


    Thanks for that. That got rid of that unwanted code for me.


  • Closed Accounts Posts: 7,563 ✭✭✭leeroybrown


    FruitLover wrote: »
    Also then fix the original problem, or you're going to be right back to square one soon enough.
    I'd also echo this. I'd also suggest that it's very unlikely to be a virus and far more likely to be an SQL-injection attack against your web application that will re-occur if the problem isn't fixed.


  • Registered Users Posts: 224 ✭✭The Mighty Dubs


    Any suggestions as to how I might prevent another one of these SQL injection attacks would be much appreciated.


  • Registered Users Posts: 2,191 ✭✭✭Feelgood


    Any suggestions as to how I might prevent another one of these SQL injection attacks would be much appreciated.

    Plenty of info on the web regarding SQL injections, though you should have a look through the specific patches and recommendations on the Micro$oft site for your version of SQL server.

    You're lucky it was just a few records that got affected and that you're not currently trying to recover your site from a backup! Wouldn't waste any time in patching it up...


  • Registered Users Posts: 2,931 ✭✭✭Ginger


    Sanitize your input, use whitelists rather than blacklists so that you only take what you want and expect rather than what you don't.

    And do a HTMLEncode on all output so that the script will be outputted as text and not rendered as HTML...


  • Registered Users Posts: 2,931 ✭✭✭Ginger


    And it's not an SQL Injection, it's a Code/Script Injection...

    Different techniques in prevention
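
The defences named in the replies above (whitelist validation on input, HTML-encoding on output, and bound parameters for the SQL-injection case), as an added example that is not part of the original thread. Python with sqlite3 stands in for the site's unstated language and for SQL Server; the `comments` table, the allowed character set and all function names are hypothetical.

```python
import html
import re
import sqlite3

# Whitelist: only the characters this field is expected to hold.
# The allowed set is an assumption for the example; define one per field.
ALLOWED = re.compile(r"[A-Za-z0-9 .,!?'\-]{1,200}")

def is_allowed(value):
    """True only if the whole value matches the whitelist."""
    return ALLOWED.fullmatch(value) is not None

def save_comment(conn, value):
    """Validate, then store through a bound parameter, never string concatenation."""
    if not is_allowed(value):
        return False
    conn.execute("INSERT INTO comments (body) VALUES (?)", (value,))
    return True

def render_comments(conn):
    """HTML-encode every stored value on output so markup is shown as text."""
    rows = conn.execute("SELECT body FROM comments ORDER BY id")
    return ["<li>" + html.escape(body, quote=True) + "</li>" for (body,) in rows]

def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT)")
    # Constructed inputs; the tainted value mirrors the row shown in the thread.
    tainted = "text text text<script src=http://www.xyz.com/dodgyscript.js></script>"
    # The apostrophes are stored as data because the value is bound, not concatenated.
    accepted = save_comment(conn, "O'Brien's post, thanks!")
    # '<', '>', '=', ':' and '/' are outside the whitelist, so this is refused.
    rejected = save_comment(conn, tainted)
    # Simulate a row tainted before the fix: output encoding still defuses it.
    conn.execute("INSERT INTO comments (body) VALUES (?)", (tainted,))
    return accepted, rejected, render_comments(conn)

if __name__ == "__main__":
    for item in demo():
        print(item)
```

Input validation and output encoding are independent layers: the second still protects pages that display rows written before the first was in place.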


  • Registered Users Posts: 7,468 ✭✭✭Evil Phil


    What language did you use for the website? And the column which contained the javascript, how is that populated?

    You should also look into finding out where the script file is hosted, you might be able to get them shut down.

