Please start any new threads on our new
site at https://forums.sqlteam.com. We've got lots of great SQL Server
experts to answer whatever question you can come up with.
| Author |
Topic |
|
Harry C
Posting Yak Master
148 Posts |
 Posted - 2009-10-02 : 09:19:09
|
| my site has been hit with a SQL Injection attack. It appears that various fields have had the following appeneded to itFirstName, LastName <script src=http://SQL INJECTION SITE HERE >< / script >Two questions, how can I update the field so that I can keep the FirstName, LastName and get rid of the script tag.Also, is there anyway I can search my whole database, or at least every field in a certain table to see if its been affected? |
|
|
Harry C
Posting Yak Master
148 Posts |
Posted - 2009-10-02 : 10:13:09
|
| figured out a method. Thanks! |
 |
|
|
visakh16
Very Important crosS Applying yaK Herder
52326 Posts |
Posted - 2009-10-02 : 11:00:11
|
| you can use REPLACE() for removing the corrupted value and use the below to find the fields containing valuehttp://vyaskn.tripod.com/search_all_columns_in_all_tables.htm |
|
|
|
|
|
|
SQL Injection HELP