SQL query to remove SQL injection

Question

My server was hacked like many others yesterday by this one SQL injection attack. I have two tables that have the alien script put in.

My options are: -Manually delete the script from thousands of database entries. -Find copies of the tables and replace them.

How I would like to have a SQL query that finds the script beginning with the **"></title>\****<script** and ending with **</script><!--** and removing it from all the database entries that have it.

Example: So the query would see a databse entry like "></title><script> </script><!--Aland Islands and remove "></title><script> </script><!-- leaving just Aland Islands behind.

P.S. I post the full script I want to remove just in case. Sorry for some reason stackoverflow isnt letting post some of this info.

i think that allowing an injection to reach that far as the db itself, is not the right way to go. you should stop the injection/malicous scripts at the application itself ( the site ). — Rafael Herscovici
– Rafael Herscovici, Commented Dec 2, 2011 at 10:07
Yeah I dont know where its coming from right now. Odd cause the two tables that are effected there are no scripts that update them form the website. — DopeyDatabaseMaster
– DopeyDatabaseMaster, Commented Dec 2, 2011 at 10:16

beny23 · Accepted Answer · 2011-12-02 10:09:05Z

1

One option is to take the DB offline, export the tables into load scripts, then use a text editor or sed to remove the malicious text, then truncate the tables and load them back in using the load scripts.

answered Dec 2, 2011 at 10:09

beny23

35.1k6 gold badges84 silver badges86 bronze badges

Sign up to request clarification or add additional context in comments.

1 Comment

DopeyDatabaseMaster Over a year ago

Thanks. I do actually have copies of the tables. Just wanted to take an easier road.

Asken · Accepted Answer · 2011-12-02 10:06:03Z

0

An example:

DELETE FROM infected_table
FROM
    infected_table i
WHERE
    i.script_column LIKE '>%'

Please do try the LIKE clause using a SELECT before running it though or run it in a transaction checking that the result is correct before committing.

answered Dec 2, 2011 at 10:06

Asken

8,14711 gold badges50 silver badges84 bronze badges

Comments

Simmant · Accepted Answer · 2013-06-12 14:11:33Z

0

1st find all the vulnerable Links on your site then change the version of mysql you are using because the error which help to attacker to find your site is vulnerable or not is due to the error. If your web application on php there are several other error which help to attacker to find site is vulnerable or not. You can use acunetix web vulnerability scanner for find all venerability on web application.

answered Jun 12, 2013 at 14:11

Simmant

1,5231 gold badge27 silver badges40 bronze badges

Collectives™ on Stack Overflow

SQL query to remove SQL injection

3 Answers 3

1 Comment

Comments

Comments

Your Answer

Hot Network Questions

Collectives™ on Stack Overflow

3 Answers 3

1 Comment

Comments

Comments

Your Answer

Sign up or log in

Post as a guest

Related