The scope of this guide is limited to repairing a web database that has been attacked by SQL injection.
The example used applies directly to mySQL7, but if you generalize the examples this solution can apply to other database formats also. The steps detailed here were uncovered by myself through limited research so, while the solution is not the most elegant, it is very simple and reproducible. I am not a coder, and I have no prior experience reading/writing ASP or SQL. Someone who knows anything about either language, especially SQL, could have come to this solution easily. The reader should take away from this guide that understanding, locating, and repairing SQL Injection attacks is very manageable for anyone with a basic level of technical experience who is not shy of getting their hands dirty.
I knew the site served content from an SQL database, but I did not know what tables or columns were housed inside of it. I did some research on the basics of mySQL7 and quickly formulated a command to get me started.
List all tables in database:
SELECT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE TABLE_TYPE = 'BASE TABLE' ORDER BY TABLE_NAME
Knowing what tables exist, I was off to a good start. Listing the content of the tables was simple.
List all columns in table:
SELECT * FROM tablename
Remove the malicious code from a specific column in the table:
UPDATE table SET column = LEFT(column, CHARINDEX('<script', column) - 1) WHERE column LIKE '%<script%';
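The following is an added example, not part of the original guide: one way to locate the affected columns and then run the UPDATE above with a backup, a preview and a transaction. It assumes T-SQL syntax (the guide's statement uses CHARINDEX) and a character-type column; dbo.articles, body and id are hypothetical names to replace with your own.

```sql
-- Added example. dbo.articles, body and id are hypothetical placeholders.

-- 1. Locate: generate one COUNT query per character column, then run the
--    generated statements to see which columns contain '<script'.
SELECT 'SELECT ''' + TABLE_NAME + '.' + COLUMN_NAME + ''' AS location, '
       + 'COUNT(*) AS hits FROM [' + TABLE_SCHEMA + '].[' + TABLE_NAME + '] '
       + 'WHERE [' + COLUMN_NAME + '] LIKE ''%<script%'';'
FROM INFORMATION_SCHEMA.COLUMNS
WHERE DATA_TYPE IN ('char', 'varchar', 'nchar', 'nvarchar')
ORDER BY TABLE_NAME, COLUMN_NAME;

-- 2. Back up: keep a copy of the affected rows before changing anything.
SELECT *
INTO dbo.articles_pre_cleanup
FROM dbo.articles
WHERE body LIKE '%<script%';

-- 3. Preview: the UPDATE drops everything from the first '<script' to the end
--    of the value, so check that "removed" holds no legitimate content.
SELECT id,
       LEFT(body, CHARINDEX('<script', body) - 1)             AS kept,
       SUBSTRING(body, CHARINDEX('<script', body), LEN(body)) AS removed
FROM dbo.articles
WHERE body LIKE '%<script%';

-- 4. Repair: apply the guide's UPDATE inside a transaction.
BEGIN TRANSACTION;

UPDATE dbo.articles
SET body = LEFT(body, CHARINDEX('<script', body) - 1)
WHERE body LIKE '%<script%';

-- 5. Verify: no value in this column should still match.
SELECT COUNT(*) AS remaining
FROM dbo.articles
WHERE body LIKE '%<script%';

-- If remaining is 0 and the affected row count matches the preview, run:
--     COMMIT TRANSACTION;
-- otherwise run:
--     ROLLBACK TRANSACTION;
```

Repeat steps 2 to 5 for each table and column that step 1 reports with a non-zero hit count.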
As a parting note, be warned that this will only clean the database from the damage caused, and it does not resolve the SQL vulnerability in the code of your website. I recommend googling for *protecting against SQL injection* to find more information about preventing this sort of attack.