SQL Injection with Random content - how to clean?

Posted on 2008-10-17
Last Modified: 2012-05-05
Hi there - we have recently had what seems to be an SQL injection attack - but this time the code inserted into DB fields appears to be random links to other sites. When I say random, I mean that each row within the table has had different content appended to the original content. I've attached an example of what has been appended below. The main part of it is within <SPAN STYLE='display:none'> </SPAN>  followed by a comment within  <!--   -->.   The format of the injection appears consistent throughout although the content differs between the start/end tags inserted. I hope this makes sense! I have a cleaner script for previous attacks - but the difference here is that content to be removed varies throughout each row. Is there a way to UPDATE by removing from <SPAN STYLE='display:none'>  UNTIL   -->

I hope this makes sense. And thanks in advance.



Question by:pkates

Accepted Solution

momi_sabag earned 500 total points
ID: 22740242
Sure you can!

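update my_table
set my_column =
  substring(my_column, 1, charindex('<SPAN STYLE=''display:none''>', my_column) - 1) +   -- this will get all your data up to the injected data
  substring(my_column, charindex('-->', my_column, charindex('<SPAN STYLE=''display:none''>', my_column)) + 3, len(my_column)) -- this will get the rest of the data, after the 3-character -->
where charindex('<SPAN STYLE=''display:none''>', my_column) > 0
  -- skip rows where no --> follows the injected <SPAN>, otherwise the second substring would start at the wrong place
  and charindex('-->', my_column, charindex('<SPAN STYLE=''display:none''>', my_column)) > 0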
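
The same start-marker-to-`-->` removal, written as an added example that is not part of the original answer: it keeps a copy of the affected rows, loops so that rows injected more than once are fully cleaned, and reports rows where no `-->` follows the marker. The temp table `#pages`, its columns and the sample rows are constructed placeholders for the real table.

```sql
-- Constructed sample data; #pages, id and body are hypothetical names.
CREATE TABLE #pages (id int PRIMARY KEY, body varchar(max));
INSERT INTO #pages VALUES (1, 'Clean row, nothing appended');
INSERT INTO #pages VALUES (2, 'Welcome<SPAN STYLE=''display:none''>junk A</SPAN><!-- x -->');
INSERT INTO #pages VALUES (3, 'Intro<SPAN STYLE=''display:none''>junk B</SPAN><!-- y --> middle'
                            + '<SPAN STYLE=''display:none''>junk C</SPAN><!-- z -->');
INSERT INTO #pages VALUES (4, 'Cut off<SPAN STYLE=''display:none''>junk with no terminator');

DECLARE @open varchar(40), @close varchar(3), @rows int;
SET @open  = '<SPAN STYLE=''display:none''>';
SET @close = '-->';

-- 1. Copy every row that carries the marker, so the change can be reviewed or reverted.
SELECT id, body INTO #pages_before FROM #pages WHERE CHARINDEX(@open, body) > 0;

BEGIN TRANSACTION;

-- 2. Each pass removes one injected block per row; repeat until no row qualifies.
--    Rows with the marker but no closing --> are never matched, so the loop ends.
SET @rows = 1;
WHILE @rows > 0
BEGIN
    UPDATE #pages
    SET body = SUBSTRING(body, 1, CHARINDEX(@open, body) - 1)
             + SUBSTRING(body,
                         CHARINDEX(@close, body, CHARINDEX(@open, body)) + LEN(@close),
                         LEN(body))
    WHERE CHARINDEX(@open, body) > 0
      AND CHARINDEX(@close, body, CHARINDEX(@open, body)) > 0;
    SET @rows = @@ROWCOUNT;
END;

-- 3. Compare before and after; flag rows that still contain the marker.
SELECT b.id, b.body AS before_clean, p.body AS after_clean,
       CASE WHEN CHARINDEX(@open, p.body) > 0
            THEN 'needs manual review' ELSE 'cleaned' END AS status
FROM #pages_before b
JOIN #pages p ON p.id = b.id;

-- COMMIT TRANSACTION;    -- run once the comparison looks right
-- ROLLBACK TRANSACTION;  -- otherwise undo the update
```

With the sample rows, row 3 is cleaned in two passes and row 4 is left untouched and flagged for manual review.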
