This is nothing too fancy, but may help anyone who has to deal with this issue. Recently a client’s [very old] website was compromised by a SQL injection attack. The infected records all had a script appended to their TEXT field, “body”. Instead of cleaning these manually as I first thought I would, I came up with this simple CF page.
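<!--- Select only the rows whose body contains the injected script tag --->
<cfquery name="read" dataSource="#session.datasource#">
    SELECT id, body
    FROM news_pr
    WHERE (body LIKE '%<script>%')
</cfquery>

<cfoutput query="read">
    <!--- Show the record id and the position where the injected script starts --->
    #id#: #findNoCase("<script>", body)#:
    <!--- Keep everything before the first <script> tag --->
    <cfset newString = left(body,findNoCase("<script>", body)-1)>
    #left(newString,50)#...#right(newString,100)#
    <br><br>
    <!--- cfupdate takes the primary key and the new value from the form scope --->
    <cfset form.body = newString>
    <cfset form.id = read.id>
    <cfupdate tableName="news_pr" dataSource="#session.datasource#">
    <cfflush>
</cfoutput>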
Quick and dirty, I know. But it worked.
Of course, this only works if the injected material is at the end of the text field.
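For injected material that is not at the end of the field, here is an added example (not the code from this post) that removes script blocks wherever they sit and previews the change before writing it. It is written in Python against an in-memory SQLite table standing in for the real datasource; the news_pr table and its id and body columns come from the page, while the sample rows and the placeholder.invalid host are constructed.

```python
import re
import sqlite3

# Matches <script ...>...</script> anywhere, or an unclosed <script> running to the end.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?(?:</script\s*>|\Z)", re.IGNORECASE | re.DOTALL)

def strip_scripts(body):
    """Return body with every script block removed, wherever it sits."""
    return SCRIPT_RE.sub("", body)

def clean_table(conn, dry_run=True):
    """Clean news_pr.body; returns [(id, chars_removed)] for each affected row."""
    report = []
    rows = conn.execute(
        "SELECT id, body FROM news_pr WHERE LOWER(body) LIKE ? ORDER BY id",
        ("%<script%",),
    ).fetchall()
    for row_id, body in rows:
        cleaned = strip_scripts(body)
        if cleaned == body:
            continue
        report.append((row_id, len(body) - len(cleaned)))
        if not dry_run:
            # Bound parameters: the stored text is never spliced into the SQL.
            conn.execute("UPDATE news_pr SET body = ? WHERE id = ?", (cleaned, row_id))
    if not dry_run:
        conn.commit()
    return report

def demo():
    """Build a constructed in-memory table, preview the cleanup, then apply it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE news_pr (id INTEGER PRIMARY KEY, body TEXT)")
    samples = [  # constructed sample rows, not data from the incident
        (1, 'Press release text.<script src="//placeholder.invalid/x.js"></script>'),
        (2, "Intro <SCRIPT>var a=1;</SCRIPT> middle and end."),
        (3, "Clean article with no markup."),
        (4, "Truncated tail <script>var b="),
    ]
    conn.executemany("INSERT INTO news_pr VALUES (?, ?)", samples)
    preview = clean_table(conn, dry_run=True)
    clean_table(conn, dry_run=False)
    return preview, dict(conn.execute("SELECT id, body FROM news_pr"))

if __name__ == "__main__":
    preview, bodies = demo()
    print(preview)
    for row_id, body in sorted(bodies.items()):
        print(row_id, repr(body))
```

Run it with dry_run=True first and review the per-row character counts; a row that loses far more text than the others is worth inspecting by hand before the update is applied.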