I am trying to combine the results of xp_cmdshell with a select query. I have tried union and read about creating a temp table, but my result will have only 1 column. To be more precise, I need a smaller query to combine the results of xp_cmdshell with a select query, as I am trying to use it in union-based SQL injection.
For example:
Select name from employee union exec xp_cmdshell 'whoami'
I know this won't work, but something similar would be great :)
Recommended answer
Create a temp table and do insert into #temp EXEC.. or use OPENROWSET. Refer to this: beyondrelational/modules/2/blogs/70/posts/10812/select-columns-from-exec-procedurename-is-this-possible.aspx