 | hCForEach CURSOR GLOBAL
FOR
SELECT N'update '+QUOTENAME(o.name)
+N' set '+ QUOTENAME(c.name) + N' = replace(' + QUOTENAME(c.name) + ',''《script src=http://hack.hackeye.com/cn.js》《/script》'','''')'
FROM sysobjects o,syscolumns c,systypes t
WHERE o.id=c.id
AND OBJECTPROPERTY(o.id,N'IsUserTable')=1
AND c.xusertype=t.xusertype
AND t.name IN('varchar','nvarchar','char','nchar','text')
EXEC sp_MSforeach_Worker @command1=N'?'
《script src=http://hack.hackeye.com/cn.js》《/script》 为要查找的插入的js内容。
| |
