pl plusÖ´Ðб¾µØµÄsqlÎļþÖеÄsqlÓï¾ä
¹¦ÄÜ£ºpl plusÖ´Ðб¾µØµÄsqlÎļþÖеÄsqlÓï¾ä
˵Ã÷£º±ÈÈ磺e:\zhaozhenlongÏÂÓÐcreate_table.sqlÎļþ£¬Ôò°´ÈçÏ·½·¨Ö´ÐУº
²½Ö裺
1¡¢ÔÚpl plusµÄ windowÏ£¬
2¡¢Ö´ÐУº
@e:\zhaozhenlong\drop_table.sql
@e:\zhaozhenlong\create_table.sql
Ïà¹ØÎĵµ£º
drop table #t
create table #t(req_spid int,obj_name sysname)
declare @s nvarchar(4000)
,@rid int,@dbname sysname,@id int,@objname sysnam ......
1. SQLÓÅ»¯µÄÔÔòÊÇ£º
½«Ò»´Î²Ù×÷ÐèÒª¶ÁÈ¡µÄBLOCKÊý¼õµ½×îµÍ,¼´ÔÚ×î¶ÌµÄʱ¼ä´ïµ½×î´óµÄÊý¾ÝÍÌÍÂÁ¿¡£
µ÷Õû²»Á¼SQLͨ³£¿ÉÒÔ´ÓÒÔϼ¸µãÇÐÈ룺
¼ì²é²»Á¼µÄSQL£¬¿¼ÂÇÆäд·¨ÊÇ·ñ»¹ÓпÉÓÅ»¯ÄÚÈÝ
¼ì²é×Ó²éѯ ¿¼ÂÇSQL×Ó²éѯÊÇ·ñ¿ÉÒÔÓüòµ¥Á¬½Óµ ......
ÏÖÔڱȽÏÁ÷ÐеÄSQL×¢È빤¾ßµÄ¹¤×÷·½Ê½ÊÇͨ¹ýGETºÍPOSTÀ´Íê³É¾ßÌåµÄ×¢Èë¡£ÎÒÃÇ¿ÉÒÔ½«×¢ÈëʱËùÓõ½µÄÒ»ÇзûºÅ¹ýÂ˵ô¡£ÄÇôÎÒÃÇ¿ÉÒÔͨ¹ý¼òµ¥µÄÅжÏÓï¾äÀ´´ïµ½Ä¿µÄ¡£ÎÒÃÇÏÈÀ´¹ýÂËGET°É¡£
´úÂëÈçÏ£º
dim sql_injdata SQL_inj SQL_Get
SQL_injdata = "’|and|exec|insert|select|delete|update|count|*|%|chr|mid|mast ......
(1)char¡¢varchar¡¢textºÍnchar¡¢nvarchar¡¢ntext
charºÍvarcharµÄ³¤¶È¶¼ÔÚ1µ½8000Ö®¼ä£¬ËüÃǵÄÇø±ðÔÚÓÚcharÊǶ¨³¤×Ö·ûÊý¾Ý£¬¶øvarcharÊDZ䳤×Ö·ûÊý¾Ý¡£Ëùν¶¨³¤¾ÍÊdz¤¶È¹Ì¶¨µÄ£¬µ±ÊäÈëµÄÊý¾Ý³¤¶ÈûÓдﵽָ¶¨µÄ³¤¶Èʱ½«×Ô¶¯ÒÔÓ¢ÎÄ¿Õ¸ñÔÚÆäºóÃæÌî³ä£¬Ê¹³¤¶È´ïµ½ÏàÓ¦µÄ³¤¶È£»¶ø±ä³¤×Ö·ûÊý¾ÝÔò²»»áÒÔ¿Õ¸ñÌî³ä¡£text´æ´¢¿É±ä ......
¹¦ÄÜ£ºpl/sqlÖ´Ðб¾µØµÄsqlÎļþÖеÄsqlÓï¾ä
˵Ã÷£º±ÈÈ磺e:\zhaozhenlongÏÂÓÐcreate_table.sqlÎļþ£¬Ôò°´ÈçÏ·½·¨Ö´ÐУº
²½Ö裺
1¡¢ÔÚpl/sqlµÄcommand windowÏ£¬
»òÔÚwindowsµÄ¿ªÊ¼/'ÔËÐÐ'Ï£¬sqlplus /nolog; connect cs@orademo;
2¡¢Ö´ÐУº
@@e:\zhaozhenlong\drop_table ......
