sql injection DB대량변조 삽입 스크립트 제거

declare @tab varchar(255), @col varchar(255), @owner varchar(255), @type int

declare table_cursor cursor for

select so.name, sc.name, sc.xtype, su.name

from sysobjects so inner join syscolumns sc on so.id = sc.id

     inner join sysusers su on so.uid = su.uid

where so.xtype='u' and (sc.xtype=99 or sc.xtype=35 or sc.xtype=231 or sc.xtype=167)

open table_cursor

fetch next from table_cursor into @tab, @col, @type, @owner

while(@@fetch_status=0)

Begin

-- <<악성코드>> 부분을실제삭제하려는악성코드로수정해주세요. (예: )

 if (@type = 35 or @type = 167)  -- varchar나text 데이터타입일경우(SQL2005 환경이라면varchar(max) 사용)

    exec('update ' + @owner + '.[' + @tab + '] set [' + @col + '] = left(
            convert(varchar(8000), ['+@col+']),
            len(convert(varchar(8000), ['+@col+'])) - 6 -
            patindex(''%tpircs<%'',
                      reverse(convert(varchar(8000), ['+@col+'])))
            )
      where ['+@col+'] like ''%<script%</script>'''
      );

 else   -- nvarchar나ntext 데이터타입일경우(SQL2005 환경이라면nvarchar(max) 사용)                   

     exec('update ' + @owner + '.[' + @tab + '] set [' + @col + '] = left(
            convert(varchar(4000), ['+@col+']),
            len(convert(varchar(4000), ['+@col+'])) - 6 -
            patindex(''%tpircs<%'',
                      reverse(convert(varchar(8000), ['+@col+'])))
            )
      where ['+@col+'] like ''%<script%</script>'''
      );

 print '[' + @col + ']' + ' column of ' + @owner + '.' + @tab + ' has been updated.'

 fetch next from table_cursor into @tab, @col, @type, @owner

End

close table_cursor

deallocate table_cursor