SQL query to remove SQL injection

Question

My server was hacked like many others yesterday by this one SQL injection attack. I have two tables that have the alien script put in.

My options are: -Manually delete the script from thousands of database entries. -Find copies of the tables and replace them.

How I would like to have a SQL query that finds the script beginning with the **"></title>\****<script** and ending with **</script><!--** and removing it from all the database entries that have it.

Example: So the query would see a databse entry like "></title><script> </script><!--Aland Islands and remove "></title><script> </script><!-- leaving just Aland Islands behind.

P.S. I post the full script I want to remove just in case. Sorry for some reason stackoverflow isnt letting post some of this info.

Answer 1

1st find all the vulnerable Links on your site then change the version of mysql you are using because the error which help to attacker to find your site is vulnerable or not is due to the error. If your web application on php there are several other error which help to attacker to find site is vulnerable or not. You can use acunetix web vulnerability scanner for find all venerability on web application.

Answer 2

One option is to take the DB offline, export the tables into load scripts, then use a text editor or sed to remove the malicious text, then truncate the tables and load them back in using the load scripts.

Answer 3

An example:

DELETE FROM infected_table
FROM
    infected_table i
WHERE
    i.script_column LIKE '>%'

Please do try the LIKE clause using a SELECT before running it though or run it in a transaction checking that the result is correct before committing.