String search and replace across an entire database

Question

After an exploit on an ASP.NET site, the client was left with a specific string of malware code sprayed across the entire database, multiple columns of multiple tables. The prepended string is consistent and doesn't change from table to table, so theoretically if I could just do a search-and-replace across the whole database, this could be cleared up in a single operation.

I could do this fairly easily in PostgreSQL or MySQL doing something like this:

mysqldump bad_db | sed 's/evilcode//g' | mysql fixed_db

But how would you do such a thing with SQLServer? I'm not certain it's quite so simple under Windows.

Really the only responsible thing to do is restore it from a known good backup. — MDMarra, Oct 08 '12 at 23:45
@MDMarra And if that were possible then I wouldn't be asking this question. — tylerl, Oct 08 '12 at 23:48
Sorry, but you didn't give any indication that there were no viable backups. — MDMarra, Oct 08 '12 at 23:50
@MDMarra np -- i figured it was a given. I don't think anyone would head down this type of path if they had any other choice. — tylerl, Oct 08 '12 at 23:52

score 1 · Answer 1 · answered Oct 09 '12 at 00:03

The problem that you are going to run into is that the database backup file is binary not plain text like a MySQL dump. Here is a link to a blog post that I wrote a while back that'll scrub the varchar and nvarchar fields. There's no code on it for text and ntext, but this'll probably clean up most of it. Text and Ntext are harder as you can't use things like substring on them.

String search and replace across an entire database

1 Answers1