(MSSQL) INJECTION SEARCH QUERY

DB 2017. 4. 13. 21:59
728x90
declare @T varchar(255), @C varchar(255);
declare Table_Cursor CURSOR FOR
SELECT a.name,b.name
FROM sysobjects a,syscolumns b
WHERE a.id = b.id AND a.xtype = 'u' AND
(b.xtype = 99 or
b.xtype = 35 or
b.xtype = 231 or
b.xtype = 167);
OPEN Table_Cursor;
FETCH NEXT FROM Table_Cursor INTO @T,@C;
WHILE (@@FETCH_STATUS = 0)BEGIN
exec('select['+@C+'] from ['+@t+'] where ['+@C+'] like ''%<script%''');
-- print 'select['+@C+'] from ['+@t+'] where ['+@C+'] like ''%<script%</script>'''
FETCH NEXT FROM Table_Cursor INTO @T, @c;
END;
CLOSE Table_Cursor;
DEALLOCATE Table_Cursor;

 

728x90

'DB' 카테고리의 다른 글

(MSSQL) 커서(CURSOR) - FORWARD_ONLY,SCROLL  (0) 2017.04.13
(MSSQL) RAISERROR  (0) 2017.04.13
(MSSQL) SQL FULLTEXT INDEX, CONTAIN  (0) 2017.04.13
(MSSQL) XML 데이터 형식  (0) 2017.04.13
(MSSQL) 특정 컬럼이 있는 테이블 이름 뽑아내기  (0) 2017.04.13
Posted by kjun.kr
,