We are excited to announce that the IIS.NET Forums are moving to the new Microsoft Q&A experience. Learn more >

View Complete Thread
  • Re: Anyone know about www.nihaorr1.com/1.js?

    Apr 20, 2008 10:35 PM|therage3k|LINK

    Having had a couple customer's impacted who did not have database back-ups going, thought folks might want a way to clean-up the damage caused by these injections.

    This was my solution - it ain't perfect (for example, some folks have variations in the format of injected script tags), but use it / tweak it / be careful as it DOES remove text forever and ever.

    It is fairly generic and in Query Analyzer you can comment out the EXEC and uncomment the PRINT if you want to see the SQL it will run - it simply hunts for the string you provide and removes it.  It will hit ntext fields if the legnth of data is not over 8000 bytes.


    Hope this helps.


    nihaorr1 sql injection aspder clean-up