Great Article! This informanation helped me save a database after an attack, and a recent DB backup failed.
Also, I found the security hole and patched it.

Thank You!!

Rich

The script isn’t meant to be run together like that, they’re intended to run separately.

However, that’s not clear from the text, so I updated the code.

If you throw 2 dashes in front of the second “Declare @T …” line” so it looks like “– Declare @T …” it should work just fine.

Sorry for the confusion.

Jeff

I ran the first PRINT script and as you said, it shows in the log as you say.
Then i tried to clean “ntext” datafield injection with the following script, only shanging the hackers website URL:

———————————————————-
DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype=’u’ AND (b.xtype=35 OR b.xtype=231 OR b.xtype=167)
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
PRINT (‘UPDATE ['+@T+'] SET ['+@C+']=REPLACE(['+@C+'],””, ””)’)
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor

DECLARE @T VARCHAR(255),@C VARCHAR(255)
DECLARE Table_Cursor CURSOR FOR
SELECT a.name,b.name FROM sysobjects a,syscolumns b WHERE a.id=b.id AND a.xtype=’u’ AND b.xtype=99
OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
PRINT (‘UPDATE ['+@T+'] SET ['+@C+']=cast(replace(cast(['+@C+'] as nvarchar(4000)),””,””) as ntext)’)
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
———————————————————

I then get the return error:

Msg 134, Level 15, State 1, Line 15
The variable name ‘@T’ has already been declared. Variable names must be unique within a query batch or stored procedure.

Can anyone help me on whats going wrong here, and what I have to change in the script to get it to work

Kind Regards
Morten