    Hi,

    So it would appear someone's tried to SQL inject my website, doing no damage as far as I know, but leaving me with a whole collection of Quip threads that I don't want, with titles like "9999 and 1=1" or "blog-post-44 and if(1=1,BENCHMARK(10888800,MD5(0x41)),0)", as well as a lot of "blog-post-44 union all select null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null--", with varying lengths of nulls.

    I don't mind losing all my comments to sort it, but uninstalling Quip doesn't clear the database, and I don't think I have access to do that myself. Right-clicking on the thread and clicking "Remove Thread" doesn't do anything, or sometimes gives an error ("quip.thread_err_nf"); and I think by trying to remove them, it's attempting (and failing) to run the SQL code against the database.

    Does anyone have any thoughts? Maybe a way to access the database via code? Thanks for your help!

    ----
    Revolution 2.0.6-pl2, on a remote server to which I only have access via the manager and FTP.
    • 2.0.6?! Wow...

      Your host does not provide access to the database? PhpMyAdmin maybe?
        Quote from: opengeek at Sep 25, 2013, 11:50 AM
        2.0.6?! Wow...

        Your host does not provide access to the database? PhpMyAdmin maybe?

        Well, I can see the database tables (Reports->System Info->Database Tables), but I don't see any options for editing them.
        • I have on occasion installed my own phpMyAdmin, when I only had FTP access to the server.
            Studying MODX in the desert - http://sottwell.com
            Tips and Tricks from the MODX Forums and Slack Channels - http://modxcookbook.com
            Join the Slack Community - http://modx.org
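
The thread titles quoted in the first post follow recognizable SQL injection probe shapes (boolean tests, time-delay calls, UNION column enumeration), so once database access is available they can be separated from real threads before anything is deleted. The sketch below is an added example, not part of the original thread or of Quip; the signature labels, function names and sample list are constructed for illustration, and `sleep` is included as an assumption beyond the `BENCHMARK` call shown in the post.

```python
import re

# Signatures modelled on the probe titles quoted in the first post.
SIGNATURES = {
    "boolean_test": re.compile(r"\b(?:and|or)\b.*?\b\d+\s*=\s*\d+", re.I),
    "time_delay": re.compile(r"\b(?:benchmark|sleep)\s*\(", re.I),
    "union_select": re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
}


def classify(name):
    """Return the sorted signature labels that match one thread name."""
    return sorted(label for label, rx in SIGNATURES.items() if rx.search(name))


def union_width(name):
    """Number of NULL columns in a UNION probe (0 if it is not one)."""
    if not SIGNATURES["union_select"].search(name):
        return 0
    return len(re.findall(r"\bnull\b", name, re.I))


def triage(names):
    """Split thread names into (keep, suspect); suspect maps name -> labels."""
    keep, suspect = [], {}
    for name in names:
        labels = classify(name)
        if labels:
            suspect[name] = labels
        else:
            keep.append(name)
    return keep, suspect


# Constructed sample: two plausible real threads plus titles shaped like
# the ones in the post (the NULL list is shortened here).
SAMPLE = [
    "blog-post-44",
    "about-us",
    "9999 and 1=1",
    "blog-post-44 and if(1=1,BENCHMARK(10888800,MD5(0x41)),0)",
    "blog-post-44 union all select null,null,null,null--",
]

if __name__ == "__main__":
    keep, suspect = triage(SAMPLE)
    print("keep:", keep)
    for name, labels in suspect.items():
        print(f"suspect ({', '.join(labels)}; width={union_width(name)}): {name}")
```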