解决并清除SQL被注入

在SQL查询分析器执行以下代码就可以了

declare @t varchar()@c varchar()
declare table_cursor cursor for select anamebname
from sysobjects asyscolumns b systypes c
where aid=bid and axtype=u and cname
in (char nchar nvarchar varchartextntext)
declare @str varchar()@str varchar()
set @str=<script src=http://rorg/cjs></script>/*要替换的内容*/
set @str=
open table_cursor
fetch next from table_cursor
into @t@c while(@@fetch_status=)
begin exec(update [ + @t + ] set [ + @c + ]=replace(cast([ + @c + ] as varchar())+@str++ @str +))
fetch next from table_cursor
into @t@c end close table_cursor deallocate table_cursor;

首先替换代码里面的<script src=http://rorg/cjs></script>为你的数据库表里面被注入的内容打开MSSQL的SQL查询分析器执行以下代码就可以了