mssql 找指定库指定表

  • A+
所属分类:安全博客

找出包含关键字段的库和表

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
declare @i int,@id int,@dbname varchar(255),@sql varchar(255)
set @i = 6
set @id=(select count(*) from master..sysdatabases)

create table #t (
dbname varchar(255),
tablename varchar(255),
columnname varchar(255)
)

while (@i < @id)
begin
set @i = @i + 1;
set @dbname = (select name from master..sysdatabases where dbid= @i)
set @sql = 'use '+ @dbname+';insert [#t] select table_catalog,table_name,column_name from information_schema.columns where column_name like ''%pass%'' or column_name like ''%pwd%'' or column_name like ''%mail%'''
exec (@sql)
print @sql
end

select * from #t
drop table #t

go

所有库中找某个表

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
DECLARE @SQL NVARCHAR(max)

SET @SQL = stuff((
SELECT '
UNION
SELECT ' + quotename(NAME, '''') + ' as Db_Name, Name collate SQL_Latin1_General_CP1_CI_AS as Table_Name
FROM ' + quotename(NAME) + '.sys.tables WHERE NAME LIKE ''%'' + @TableName + ''%'''
FROM sys.databases
ORDER BY NAME
FOR XML PATH('')
,type
).value('.', 'nvarchar(max)'), 1, 8, '')

--PRINT @SQL;

EXECUTE sp_executeSQL @SQL
,N'@TableName varchar(30)'
,@TableName = 'admin'

Source:wolvez.club | Author:wolvez

相关推荐: SQLI-LABS修炼笔记(一)

写在前面:作为一个萌新,想自己搭一个sqli-labs,中间历经了无数艰难,我win10系统用的是xampp,结果搭起来发现php版本太高了,xampp用的是php7以上的,然后自己用docker搭了一个,在ubantu用lamp搭了一个,又用phpstudy…

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: