Function: search the entire database for a keyword and return the name of the table and column in which the keyword appears. (Awesome... in particular, when the table holding the user names and passwords cannot be found during an intrusion, you can locate the field directly by entering the keyword admin... which saves you from reading through the tables one by one.) Based on that statement, I wrote an ASP script to make searching a database easier later.
The code is as follows:
<%
'Confirm a keyword's position in a database (which table & which column)
'By oldjun (http://www.oldjun.com)
'Based on huangzi (http://www.2chuizi.com)'s SQL
Server.ScriptTimeout = 999999999
Response.Buffer = True
On Error Resume Next
keyword = Request("keyword")
If keyword = "" Then
    Response.Write "need keyword!"
    Response.End
End If
'Double any single quotes so the keyword stays inside its SQL string literal
keyword = Replace(keyword, "'", "''")
Dim conn
Set conn = Server.CreateObject("ADODB.Connection")
Dim connstr
'Connection string, please change!
connstr = "driver={SQL Server};server=localhost;uid=sa;pwd=sa;database=master"
conn.Open connstr
'Working table that lists every user table (xtype = 'U') with its object id
conn.Execute("create table huangzi_table (id int identity(1,1), biaoid int, biaoname nvarchar(1000))")
conn.Execute("insert huangzi_table select [id], [name] from sysobjects where xtype = 'U'")
Set rs = conn.Execute("select count(id) as tnum from huangzi_table")
tnum = rs("tnum")
rs.Close
Set rs = Nothing
'Outer loop: one pass per user table
For i = 1 To tnum
    Set rsbiao = conn.Execute("select biaoid from huangzi_table where id = " & i)
    biaoid = rsbiao("biaoid")
    Set rst = conn.Execute("select [biaoname] from huangzi_table where biaoid = " & biaoid)
    tname = rst("biaoname")
    Set rsl = conn.Execute("select count([name]) as lnum from syscolumns where id = " & biaoid)
    lnum = rsl("lnum")
    'Inner loop: one pass per column of the current table
    For j = 1 To lnum
        topnum = j - 1
        'Fetch the j-th column name by skipping the first j-1 names
        Set rslie = conn.Execute("select top 1 [name] from syscolumns where id = " & biaoid & " and [name] not in (select top " & topnum & " [name] from syscolumns where id = " & biaoid & ")")
        liename = rslie("name")
        'Compare the column, cast to nvarchar, against the keyword
        Set rsresult = conn.Execute("select top 1 [" & liename & "] from [" & tname & "] where cast([" & liename & "] as nvarchar(1000)) = '" & keyword & "'")
        If rsresult.BOF Or rsresult.EOF Then
            'Response.Write "nothing-" & tname & ":" & liename
            'Response.Write "<br>"
        Else
            result = rsresult(liename)
            Response.Write result & "(" & tname & ":" & liename & ")"
            Response.Write "<br>"
        End If
        rslie.Close
        Set rslie = Nothing
        rsresult.Close
        Set rsresult = Nothing
    Next
    rsbiao.Close
    Set rsbiao = Nothing
    rst.Close
    Set rst = Nothing
    rsl.Close
    Set rsl = Nothing
Next
'Remove the working table
conn.Execute("drop table huangzi_table")
%>
Note: the script is very inefficient and may appear to hang while it runs, so please wait patiently. It is not suitable for large databases. The code is simple, implements only simple functionality, and has no real technical content, so it is kept here for future use. There is a caching problem when the connection string is changed; restarting your browser is recommended.
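From the defender's side, the script leaves a recognisable trail: reads of sysobjects and syscolumns followed by one "select top 1 ... cast(... as nvarchar(1000)) = 'keyword'" probe per column. The following is an added example, not part of the original post or its author's code, that flags this pattern in a statement trace; the tab-separated trace format, the name `find_sweeps`, the threshold and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Shape of the per-column probe the ASP script issues (whitespace-tolerant).
PROBE = re.compile(
    r"select\s+top\s+1\s+\[(?P<col>[^\]]+)\]\s+from\s+\[(?P<table>[^\]]+)\]\s+"
    r"where\s+cast\s*\(\s*\[(?P=col)\]\s+as\s+nvarchar\s*\(\s*\d+\s*\)\s*\)\s*=\s*'(?P<kw>(?:[^']|'')*)'",
    re.IGNORECASE)
# Catalog reads the script uses to list user tables and their columns.
CATALOG = re.compile(r"\bfrom\s+sys(objects|columns)\b", re.IGNORECASE)

def find_sweeps(trace_lines, min_columns=3):
    """Return {session_id: (keyword, sorted [(table, column), ...])} for sessions
    that, after reading the system catalog, probe at least min_columns
    distinct columns for the same literal."""
    catalog_seen = set()
    probes = defaultdict(lambda: defaultdict(set))  # session -> keyword -> {(table, col)}
    for line in trace_lines:
        session, _, sql = line.partition("\t")
        if CATALOG.search(sql):
            catalog_seen.add(session)
        m = PROBE.search(sql)
        if m and session in catalog_seen:
            probes[session][m["kw"]].add((m["table"], m["col"]))
    hits = {}
    for session, by_kw in probes.items():
        # Report the keyword that was swept across the most columns.
        kw, cols = max(by_kw.items(), key=lambda kv: len(kv[1]))
        if len(cols) >= min_columns:
            hits[session] = (kw, sorted(cols))
    return hits

# Constructed sample trace ("<session id>\t<statement>"), not captured from a real server.
SAMPLE_TRACE = [
    "51\tinsert huangzi_table select [id],[name] from sysobjects where xtype='U'",
    "51\tselect count([name]) as lnum from syscolumns where id=5575058",
    "51\tselect top 1 [id] from [users] where cast([id] as nvarchar(1000))='admin'",
    "51\tselect top 1 [login] from [users] where cast([login] as nvarchar(1000))='admin'",
    "51\tselect top 1 [title] from [news] where cast([title] as nvarchar(1000))='admin'",
    "52\tselect top 1 [login] from [users] where cast([login] as nvarchar(1000))='bob'",
]

if __name__ == "__main__":
    for session, (kw, cols) in find_sweeps(SAMPLE_TRACE).items():
        print(f"session {session}: keyword {kw!r} probed across {len(cols)} columns: {cols}")
```

Session 52 in the sample issues a single lookup without touching the catalog and is not reported; raising `min_columns` trades sensitivity for fewer false positives on applications that legitimately query several columns.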