Is it possible to somehow search the entire database, all columns of all tables?
The task is to scan the database for eval .
Can you please tell whether you can implement such a search?
Deleted
351 one five 13
Nepster nepster
802 3 12 thirty
- hmm, you can select all the tables, for each of the tables you can get all the columns, and then look for them further :) only this comes to mind) - IVsevolod
- Is there a query that gets all the columns in a table? And is it possible to use it in a bundle of requests? Type WHERE query for all columns - Nepster
- do a full dump of the base and further grep. - huffman
|
2 answers
If you do not need to programmatically search, then look at the program http://www.heidisql.com/ she can search for words throughout the database
zsiteru zsiteru
550 3 17
|
It will be necessary to take into account that some columns allow varchar other text and the search should be carried out by different methods, where just by mask, where is full-text search. It is easy to select all columns of all tables.
SELECT column_name FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME IN ( SELECT DISTINCT TABLE_NAME FROM INFORMATION_SCHEMA.TABLES WHERE table_schema = 'название базы') Further AND and it is possible to implement the search algorithm for the substring 'eval'
Deleted
351 one five 13
zippp zippp
1.511 eight 13
- not steamed, made a base dump and contontrafile eval and so on. Unfortunately did not find anything - Nepster
- Why "Unfortunately? If there is a problem with the execution of some third-party code, then look not only in the database but also in the files themselves, recently I found several files in the old project with an added redirect first. I advise you to look at the account of the presence of not only the string "eval", but also "base64" - zippp
- that is just the point: I found 200 mb of virus on the site, and it somehow stably enters once a week. I checked the database, on the systems, executions, and so on .. is empty, ips the site's files with antivirus, manual search, is empty. FTP passwords change every week. In the pictures I was looking for a malicious code, everything is also empty. I can not understand where the hole - Nepster
- write to the hosters, even if they check for themselves, it is quite possible they are being broken and there they are already getting to you, let the logs see who the malware file was, when, under which user, etc. Also, of course, check your computer. And just in case, look at the cron on the host - it is quite possible that the functionality of downloading the malicious code will be thrown there once a week, and then no change of passwords will of course be unimportant. - zippp
- @zippp, I have a similar task, just not looking for a malicious code, but an ordinary string, for example, ABCGD. Do not tell me how to supplement your request? I tried to add at the very end and column_name like '% ABCGD%', but it seems to me that I was mistaken - Nicholas Essen
|