sql×¢ÈëÍ»Æƹؼü×Ö¹ýÂË

Ò»Ö±ÒÔÀ´¶¼ÒÔΪֻÓпոñ£¬tab¼üºÍ×¢ÊÍ·û/**/¿ÉÒÔÓÃÀ´Çиîsql¹Ø¼ü×Ö£¬¶Îʱ¼ä
ÔÚа°Ë¿´ÁË·çѸcms×¢È멶´ÄÇƪÌû×Ó£¬²ÅÖªµÀÔ­À´»Ø³µÒ²¿ÉÒÔÓÃÀ´×÷Ϊ·Ö¸î·û£¨
ÒÔÇ°¾¹È»Ã»ÓÐÏëµ½£¬ÕæÊÇʧ°Ü£©¡£»Ø³µµÄasciiÂëÊÇchr(13)&chr(10)£¬ÖÁÓÚΪʲ
ôҪÁ½¸öÁ¬ÔÚÒ»Æð£¬Õâ¸öÎÒÒ²²»ÖªµÀ¡£×ª»»³Éurl±àÂëÐÎʽÊÇ%0d%0a£¬ÓÚÊǾͿÉÒÔ
ÓÃ%0d%0a´úÌæ¿Õ¸ñpassһЩ¹ýÂË¿Õ¸ñµÄ¼ì²éÁË¡£
ÒýÉêһϣ¬Ö»ÓÃ%0dÄÜÕý³£Ö´ÐÐÓï¾äÂð£¿Ö»ÓÃ%0aÄØ£¿²âÊÔÖ¤Ã÷£¬ÓÃÈÎÒâÒ»ÖÖ·Ö¸î
ÔÚmssql¡¢mysqlºÍaccessÀïÃ涼ÊÇ¿ÉÒԵġ£
ÁíÍ⣬¹ØÓÚmssqlµÄ¶àÓï¾äÎÊÌâ¡£ÎÒÒÔÇ°Ò»Ö±ÒÔΪ±ØÐëÓ÷ֺÅ×÷ΪÓï¾äµÄ½á⣬ºó
À´·¢ÏÖ£¬ÍêÈ«²»ÊÇÄÇÑù¡£ÀàËÆ
Copy code
select * from table exec xp_cmdshell'xxxxxxxxxx'
select * from table/**/exec xp_cmdshell'xxxxxxxxxx'
select * from table|---tab---|exec xp_cmdshell'xxxxxxxxxx'
select * from table|---enter---|exec xp_cmdshell'xxxxxxxxxx'
µÄÓï¾ä¶¼ÊÇ¿ÉÒÔÕý³£Ö´Ðеġ£¶øÎÒÒÔÇ°¾¹È»Ò»Ö±²»ÖªµÀ£¡²»¹ýÕâ¸öòËƸúÁ¬½ÓÊý
¾Ý¿âÇý¶¯ÓйØϵ£¬odbc¿ÉÒÔÕý³£Ö´ÐУ¬sqloledbµÄ»°¾Í»á±¨´í¡£ÓÐÐËȤµÄ¼ÌÐøÑÐ
¾¿°É
ÕâÑù£¬ÒÔºóÓöµ½´ø¿Õ¸ñ¹ýÂ˹ؼü×ÖµÄÀ¹½Ø³ÌÐò£¬ÓÖ¿ÉÒÔ·¢»Ó·¢»ÓÁË
¿ÉÄÜ´ó¼ÒÔç¾ÍÖªµÀÁË£¬²»¹ÜÔõô˵£¬·¢ÔÚÕâÀï°É£¡
×î½üÏëÆð¿ÉÄÜ»¹ÓÐЩasciiÂë¿ÉÒÔÓÃÀ´ÔÚsqlÓï¾äÖдúÌæ¿Õ¸ñ£¬ÓÚÊÇд¸ö½Å±¾²âÊÔ
ÁËһϣ¬½á¹ûÔÚËùÓÐ128¸öµÍλascii×Ö·ûÖУ¬chr(12)Ò²¿ÉÒÔÔÚaccessÀïÓ㬲»¹ý
òËÆchr(12)²»ÄܳöÏÖÔÚand¡¢orÖ®ÀàµÄ¹Ø¼ü´Ê¸½½ü£¬Ô­Òò²»Çå³þ¡£mysqlÖбÈ
access¶àÒ»¸öchr(11)¿ÉÒÔ¡£ÖÁÓÚmssql£¬ÍÚÈÕ£¬Ö±½Ó´Ó1µ½32µÄasciiÂë»»³É×Ö·û
ºó¶¼¿ÉÒÔÕý³£Ê¹Óá£