于是需要批量替换掉,可以用游标的系统存储过程 sp_MSforeach_Worker 处理
批处理SQL脚本如下
DECLARE
@fieldtype
sysname
SET @fieldtype = ' nvarchar '
-- @filedtype 的值可以为 varchar 和 nvarchar
-- 西狐注
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N ' update ' + QUOTENAME (o.name)
+ N ' set ' + QUOTENAME (c.name) + N ' = replace( ' + QUOTENAME (c.name) + ' , '' <script src=http://木马网站/0.js></script> '' , '''' ) '
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id = c.id
AND OBJECTPROPERTY (o.id,N ' IsUserTable ' ) = 1
AND c.xusertype = t.xusertype
AND t.name = @fieldtype
EXEC sp_MSforeach_Worker @command1 = N ' ? '
此同学的MSSQL数据为2000版本.其它版本未做过测试
SET @fieldtype = ' nvarchar '
-- @filedtype 的值可以为 varchar 和 nvarchar
-- 西狐注
DECLARE hCForEach CURSOR GLOBAL
FOR
SELECT N ' update ' + QUOTENAME (o.name)
+ N ' set ' + QUOTENAME (c.name) + N ' = replace( ' + QUOTENAME (c.name) + ' , '' <script src=http://木马网站/0.js></script> '' , '''' ) '
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id = c.id
AND OBJECTPROPERTY (o.id,N ' IsUserTable ' ) = 1
AND c.xusertype = t.xusertype
AND t.name = @fieldtype
EXEC sp_MSforeach_Worker @command1 = N ' ? '
哎顺便感叹一下那些挂木马的大哥们怎么这么没有人道啊.