A database that a client of mine has was hacked. I am in the process of trying to rebuild the data. The site is running classic ASP with a SQL Server database. I believe I have found where the weak point was for the hackers and removed that entry point for now.
Every text colummn in the database was appended with some html markup and inline script/js tags.
Here is an example of a field:
all</title><script>
document.write("<style>.aq21{position:absolute;clip:rect(436px,auto,auto,436px);}</style>");
</script>
<div class=aq21>
<a href=http://samedaypaydayloansonlineelqmt.com >same day payday loans online</a>
<a href=http://samedaypaydayloan
This example was in the Users table in the UserRights column. The initial value was all, but then you can see the links that were appended.
I need to write a regex script that will search through all fields in each column of each table in the database and remove this extra markup.
Essentially, if I try to match </table>, then that string and everything that appends it can be replaced with a blank string.
All of these appended strings are the same for each field in the same column. However, there are multiple columns in each table.
This is what I have been doing so far, replacing the hacked part, but a nice regex would probably help me out, though my regex skills.... well suck.
UPDATE [databasename.[db].[databasetable]
set
UserRights = replace(UserRights,'</title><script>document.write("<style>.aq21{position:absolute;clip:rect(436px,auto,auto,436px);}</style>");</script><div class=aq21><a href=http://samedaypaydayloansonlineelqmt.com >same day payday loans online</a><a href=http://samedaypaydayloan','');
Any regex help and/or tips are appreciated.
This is what I ended up doing (big thanks to #Bohemian):
I went through each table and checked which column was affected. Then I ran the following script on each column:
UPDATE [tablename]
set columnname = substring(columnname, 1, charindex('/', columnname)-1)
where columnname like '%</%';
If the column had any markup in it, then I ended up manually updating those records manually. (lucky for me there was only a couple of records).
If anyone has any better solutions, please feel free to comment.
Thanks!
Since the bad stuff starts with a <, and that is an unusual character to typically find, I would use normal text functions, something like this:
update mytable set
mycol = substr(mycol, 1, charindex('<', mycol) - 1)
where mycol like '%<%';
And methodically do this with every column of every table.
Note that I'm only guessing at the right function to use, since I'm unfamiliar with SQL Server, but you get idea.
I welcome someone editing the SQL to improve it.
Related
I really like Snowflake's new Snowsight web console. One minor issue is that all the numeric columns have commas , as thousands separator rather than just outputting the raw number.
For example I have a bunch of UNIX epochs stored in a column called created_time. For debugging purposes I'd like to quickly copy and paste them into a WHERE clause, but I have to manually remove the commas from 1,666,719,883,332 to be 1666719883332.
Sure it's a minor thing, but doing it several dozen times a day is really starting to up to minutes.
I realize I could cast the column to a VARCHAR, but I'd rather find a setting that I can turn off for this auto-thousand-separator default behavior.
Does anyone know a way to turn it off?
Here is an example:
create TABLE log (
CREATED_TIME NUMBER(38,0),
MSG VARCHAR(20000)
);
insert into log values (1666719883332, 'example');
select * From log;
which outputs
CREATED_TIME
MSG
1,666,719,883,332
example
Prepare to be amazed! The option to show/hide the 000 separator is on the left corner
I'd like to quickly copy and paste them into a WHERE clause, but I have to manually remove the commas from 1,666,719,883,332 to be 1666719883332.
The way I use it is a preview pane and Copy button:
I use UPDATE a SET GR_P = REPLACE(GR_P,'','') FROM mytable a to replace things.
But replace function is not working for below charter:
In Query analyzer it works but when I used SSIS Execute SQL task or OLEDB Source then it is giving me error:
No Connection manager is specified.
In Toad against Oracle (since that's one of your tags), I issued this (pressing ALT-12 to get the female symbol) and got 191 as a result. note selecting it back using CHR(191) shows an upside-down question mark though.
select ascii('♀') from dual;
Given that, this worked but it's Oracle syntax, your mileage may vary.
UPDATE mytable SET GR_P = REPLACE(GR_P, CHR(191));
Note if it does not work, that symbol could be for another control character. You may need to use a regular expression to eliminate all characters not in a-zA-Z0-9, etc. I suspect you'll need to update your tags to get a more accurate answer.
Maybe this info will help anyway. Please post back what you find out.
One of my sql table is injected with some html code. It is inserted such that the html tags are inserted after actual data. How to remove this from my table.
You can use the fact that html code starts with symbol <. Then:
UPDATE TableName
SET SomeColumn = CASE WHEN CHARINDEX('<', SomeColumn) > 0
THEN SUBSTRING(SomeColumn, 1, CHARINDEX('<', SomeColumn) - 1)
ELSE SomeColumn END
If this is not true then we will need more information about data. May be it will not be possible at all...
Well, without knowing more about your problem I can only advise to look for typical patterns of the unwanted stuff and then run some UPDATEs with suitable REPLACE() statements in it.
If you had been using MySql ... I simply didn't see the SQL-server tag ;-/
... a shorter version of Giorgi's solution would have been:
UPDATED tableName SET infestedCol=substring_index(infestedCol,'<',1)
Unfortunately you cannot use regular expressions for the search pattern here and it must be of the correct case.
Most of all, make sure you don't get more of the stuff, so secure your user forms further.
The question is based on SQL Server not about ssrs NEW Line
i had Already go through the stackoverflow below links related to this topic
1)New line in Sql Query
2)New line in sql server
3)New line in Sql Query
But i didn't get any answer for my situation
My problem is that i need a newline character in select query results
Example : i have a string like below
Today is Friday Yesterday is Thursday
and when I select this varchar value from my table I need it to to appear like this in my SSRS report:
Today is Friday
Yesterday is Thursday
I have tried many ways like
select 'Today is Friday' +char(13)+'Yesterday is Thursday'
but it gives me a result Today is Friday Yesterday is Thursday
but when i use print insted of select then i got the results what i want
But i cannot use print in my scenario because i need this result in aother query and that query i have used for ssrs reporting purpose
I know i can split this query and show it in two rows but in my case i can't do something like that too because the results i have used in many select querys.
i don't know it is possible in Sqlserver, if it is possible then
please help me to solve my problem
Edit : please help me if it is possible in Grid Mode rather than text mode
Since when you use print you do see the line break, it seems to me like the problem is that you execute this query in SSMS, while the result is displayed as a grid.
Try changing the display result to text and you will see the line break just like you see it when you use print instead of select.
Btw, I think you better use char(13)+char(10) as xQbert suggested in the comments.
If you are doing it in Managment Studio this works fine:
select 'Today is Friday' +char(13)+'Yesterday is Thursday'
If result to grid is selected in Managment Studio then it is printed in one line becouse this works in that way. If you copy and paste it from grid to notepad you will see it works. Try checking result to Text. It works to.
I have no experience with SSRS, but maybe this link is helpful for You:
SSRS how to add in New line
This suggest to use expression, like this:
=Replace(Field!Names.Value, ",", VbCrLf)
If you need to display the new line in an SSRS report, try using <br /> instead of CHAR(10) - and make sure to set the control that contains this text to allow HTML.
Hope someone can help with this question. I have a table with image file names sorted in it and some are missing the directory prefix. eg: (without folder info): "some_imagname.jpg" and then with the folder : "/photos/another_imagname.jpg".
I would like to run an update on the table, so that all image names have the folder prefixed added to it, where it is missing.
It's a long story as to how this happened, but suffice to say, I really need to get this updated quite soon.
Many thanks
Hans
A simple update statement with concatenation using the + operator and a filter to exclude the records that are already prefixed:
UPDATE table
SET column = '/photos/' + column
WHERE column NOT LIKE '/photos/%'
With the little information given i'd say:
UPDATE table
SET name_column = '/photos/' + name_column
WHERE name_column NOT LIKE '/photos%';