Solution to the database of Trojans in ASP websites

When we use ASP to connect to database to develop applications, we may encounter the situation where the ASP database is hung with a Trojan. In this article, we will introduce the programming method when the ASP database is hung with a Trojan. I hope it will be helpful to you.

In this article, we introduce in detail the programming method of the detailed solution of the Trojan hanged by ASP database. The solution is divided into the following three steps:

first step:

Make backups for existing databases.

Step 2:

Execute the following ASP file, so that the JS Trojans in the database can be removed:

Note: I wrote it myself.

'Put the JS Trojan content here: Please remember to change it to the JS Trojan content in your own database.

1. <!--#includefile=conn.asp-->
3. <%
5. Server.ScriptTimeOut=180SetrstSchema=conn.OpenSchema(20)
7. k=1
9. DoUntilrstSchema.EOF' traversal of database tables
11. IfrstSchema(TABLE_TYPE)=TABLEThen
13. response.writeK&.<fontcolor=red><b>&rstSchema(TABLE_NAME)&</b></font>:'Show table name Setrs=Server.CreateObject(ADODB.Recordset)
15. sql=select*from[&rstSchema(TABLE_NAME)&]
17. rs.opensql,conn,1,3Fori=0tors.fields.count-1'Transfer field Ifint(rs(i).Type)=129
19. orint(rs(i).Type)=130orint(rs(i).Type)=200orint(rs(i).Type)=201orint(rs(i).Type)=202orint(rs(i).Type)= 203Then' only processing fields with field type character type
21. conn.execute(update[&rstSchema(TABLE_NAME)&]set&rs(i).name&=replace(cast(&rs(i).name&
23. asvarchar(8000)),'Put JS Trojan content here','')) response.writers(i).name&&rs(i).Type&' displays the executed field name.
25. EndIf
27. Next
29. response.write<br>
31. EndIf
33. rstSchema.MoveNext
35. kk=k+1
37. Loop
39. response.Write execution successfully
41. %>

If there are many database tables, the above traversal database structure will be stopped by IIS before it is executed. At this time you can:

If rstSchema(TABLE_TYPE)=TABLE Then

The range of k values ​​is appropriately added, such as:

If rstSchema(TABLE_TYPE)=TABLE k>10 and k<20 Then

In this way, only 9 tables are operated at a time.

Step 3:

According to the characteristics of database JS injection (which will include characters like http://), put the following code in conn.asp:

1. FunctionCheack_Sqljs()' Prevents database external link JS injection: true is to discover external link JS injection.
3. DimF_Post,F_Get
5. Check_Sqljs=False
7. IfRequest.Form<>Then' Detection of ForEachF_PostInRequest.FormIf(Instr(LCase(Request.Form(F_Post)),
9. <script)<>0orInstr(LCase(Request.Form(F_Post)),</script>)<>0)
11. andInstr(LCase(Request.Form(F_Post)), http://)<>0Then
13. Check_Sqljs=True
15. ExitFor
17. EndIf
19. Next
21. EndIf
23. IfRequest.QueryString<>Then'QueryString Detection on Submission ForEachF_GetInRequest.QueryString
25. If(Instr(LCase(Request.Form(F_Get)),<script)<>0orInstr(LCase(Request.Form(F_Get)),</script>)<>0)
27. andInstr(LCase(Request.Form(F_Get)), http://)<>0Then
29. Check_Sqljs=True
31. ExitFor
33. EndIf
35. Next
37. EndIf
39. EndFunction
41. FunctionCheckDataFrom()'Check the data submitted source: True is submitted for data from outside the site
43. CheckDataFrom=True
45. server_v1=Cstr(Request.ServerVariables(HTTP_REFERER))server_v2=Cstr(Request.ServerVariables(SERVER_NAME))
47. ifmid(server_v1,8,len(server_v2))<>server_v2then
49. CheckDataFrom=False
51. endif
53. EndFunction
55. IfCheack_SqljsorCheckDataFromThen
57. Response.Write<ScriptLanguage=JavaScript>alert('Execution is prohibited, illegal operation.');</Script>Response.End()
59. EndIf

This is all about the programming method when the ASP database is hung with a Trojan. I hope this introduction can bring you some benefits. Thank you!