The general idea of SQL injection attack
Discover the location of SQL injection;
Judge the type of the back-end database;
Determine whether XP_CMDSHELL can be executed;
Discover WEB virtual directories;
Upload ASP Trojan horse;
Obtain administrator rights.
Steps of SQL injection attack
First, determine whether an SQL injection vulnerability exists.
Generally speaking, SQL injection generally exists in the following form: Options-Advanced-Check before displaying friendly HTTP error messages.
In order to explain the problem clearly, the following is the user aabbb/add "-" (master is the main database of SQL Server; the semicolon indicates that SQL Server finishes executing the statement before the semicolon and then continues to execute the subsequent statements; the "--" sign is a comment marker, indicating that everything after it is a comment that the system will not execute). This directly adds an operating system account aaa with the password bbb.
4. Local group administrators aaa/add "- adds the newly added account aaa to the administrators group.
5. 'pub\wwwroot\save.db' backs up all the data obtained to the WEB directory; the file is then downloaded over HTTP (of course, the WEB virtual directory must be known first).
6. Create UNICODE vulnerabilities by copying CMD.
Pub\scripts\cmd.exe" creates a UNICODE vulnerability, and the whole computer is controlled by using this vulnerability (of course, the WEB virtual directory must be known first).
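A detection sketch for the pattern described above, added here as an example and not part of the original page: it scans web-server log lines for the indicators the text names (a statement stacked after a semicolon, a trailing "--" comment, references to master and xp_cmdshell). The log layout, the paths, the parameter names, the keyword list and the PLACEHOLDER values are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Indicators named in the text: statement stacking with ";", a trailing "--"
# comment, the master database and xp_cmdshell. The keyword list is an assumption.
RULES = {
    "stacked_statement": re.compile(
        r";\s*(exec|execute|declare|backup|insert|update|delete|drop|create)\b", re.I),
    "trailing_comment": re.compile(r"--\s*$"),
    "xp_cmdshell": re.compile(r"\bxp_cmdshell\b", re.I),
    "master_db": re.compile(r"\bmaster\.\w*\.", re.I),
}

# Constructed sample log (the W3C-style field order is an assumption).
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query sc-status",
    "2024-01-01 10:00:00 GET /abc.asp id=12 200",
    "2024-01-01 10:00:05 GET /abc.asp id=12;exec+master..xp_cmdshell+'PLACEHOLDER'-- 500",
    "2024-01-01 10:00:09 GET /abc.asp id=12%3Bexec%20master..xp_cmdshell%20%27PLACEHOLDER%27-- 500",
    "2024-01-01 10:00:12 GET /search.asp title=a--b;c 200",
]


def scan_query(query):
    """Return {parameter: [matched rule names]} after URL-decoding each value."""
    findings = {}
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        value = unquote_plus(raw)  # decode %3B, %27 and "+" so encoded input is not missed
        hits = sorted(rule for rule, rx in RULES.items() if rx.search(value))
        if hits:
            findings[name] = hits
    return findings


def scan_log(lines):
    """Return (line number, URI stem, findings) for each suspicious request."""
    alerts = []
    for number, line in enumerate(lines, 1):
        fields = line.split()
        if line.startswith("#") or len(fields) < 6:
            continue
        findings = scan_query(fields[4])
        if findings:
            alerts.append((number, fields[3], findings))
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

The last sample line contains both "--" and ";" in ordinary text and is not flagged, because the rules require a SQL keyword after the semicolon and the comment marker at the end of the value.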