SQL Injection Reversal Query Script

The folks over at Early Impact (makers of ProductCart) have released a tool to help remove JavaScript code from a SQL database that may have been hacked as part of the SQL Injection attacks taking place today on the Internet. Here are the details from their newsletter and a link to the SQL query you can execute. Please be warned, I haven’t tested this so make sure you have a backup before executing it (just in case):

If your database is hacked

If your store is hacked (JavaScript code added to fields such as product names and descriptions), follow these steps:

  • Turn off the store
  • Clean up the database by either:
    • Restoring a back-up copy
    • Running a query symmetrical to the offending query (download the SQL query here). Load the query in MS SQL query analyzer and run it multiple times until it says that “0 rows were affected”. Ask your Web master to do this for you, or open a support ticket with Early Impact. Note that this method might not be 100% effective.
  • Make sure that you have installed the updated files above (and any other files that might be released related to this Security Alert).
  • Re-open the store
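
To show the general shape of a reversal query like the one the newsletter describes, the T-SQL below is an added example, not Early Impact's query and not part of the original newsletter: it walks every character column of every user table and strips one injected string, reporting the rows it changed. The `@marker` value is a placeholder to be replaced with the exact string found in the affected fields, and SQL Server 2005 or later is assumed.

```sql
-- Added example; NOT Early Impact's query. Assumes SQL Server 2005 or later.
-- @marker is a placeholder: set it to the exact string found in your data.
SET NOCOUNT ON;
DECLARE @marker nvarchar(400), @sql nvarchar(max);
DECLARE @schema sysname, @table sysname, @column sysname, @rows int, @total int;
SET @marker = N'<script src="http://PLACEHOLDER.example/x.js"></script>';
SET @total = 0;

-- Every character column of every user table, skipping computed columns.
DECLARE col_cursor CURSOR LOCAL FAST_FORWARD FOR
    SELECT c.TABLE_SCHEMA, c.TABLE_NAME, c.COLUMN_NAME
    FROM INFORMATION_SCHEMA.COLUMNS AS c
    JOIN INFORMATION_SCHEMA.TABLES AS t
      ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
    WHERE t.TABLE_TYPE = 'BASE TABLE'
      AND c.DATA_TYPE IN ('varchar', 'nvarchar', 'text', 'ntext')
      AND COLUMNPROPERTY(OBJECT_ID(QUOTENAME(c.TABLE_SCHEMA) + '.' + QUOTENAME(c.TABLE_NAME)),
                         c.COLUMN_NAME, 'IsComputed') = 0;

OPEN col_cursor;
FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
WHILE @@FETCH_STATUS = 0
BEGIN
    -- Identifiers go through QUOTENAME; the marker is passed as a parameter.
    -- CAST to nvarchar(max) lets REPLACE handle text/ntext without 8000-byte truncation.
    SET @sql = N'UPDATE ' + QUOTENAME(@schema) + N'.' + QUOTENAME(@table)
             + N' SET ' + QUOTENAME(@column)
             + N' = REPLACE(CAST(' + QUOTENAME(@column) + N' AS nvarchar(max)), @m, N'''')'
             + N' WHERE CHARINDEX(@m, CAST(' + QUOTENAME(@column) + N' AS nvarchar(max))) > 0;'
             + N' SET @n = @@ROWCOUNT;';
    EXEC sp_executesql @sql, N'@m nvarchar(400), @n int OUTPUT',
         @m = @marker, @n = @rows OUTPUT;
    IF @rows > 0
        PRINT QUOTENAME(@table) + N'.' + QUOTENAME(@column) + N': '
            + CAST(@rows AS nvarchar(12)) + N' rows cleaned';
    SET @total = @total + @rows;
    FETCH NEXT FROM col_cursor INTO @schema, @table, @column;
END
CLOSE col_cursor;
DEALLOCATE col_cursor;
PRINT N'Total rows affected: ' + CAST(@total AS nvarchar(12));
```

It removes only exact occurrences of `@marker`, so a value in which the injected string was cut short by the column's length limit will not match and needs manual review.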
