问题描述
我正在尝试将xp_cmdshell
的结果与选择查询结合在一起.我已经尝试过工会&阅读了有关创建临时表的信息,但结果是只有1列.更精确地说,我需要一个较小的查询来将xp_cmdshell
的结果与select查询结合起来,因为我试图在基于联合的sql注入中使用它
I am trying to combine the results of xp_cmdshell
with a select query.I have tried union & read about creating a temp table, but as my result will be having only 1 column. To be more precise i need a smaller query to combine the results of xp_cmdshell
with select query as am trying to use it in union based sql injection
例如:
Select name from employee
union
exec xp_cmdshell 'whoami'
我知道这行不通,但有些相似会很棒:)
I know this wont work but somewhat similar would be great :)
推荐答案
创建一个临时表并插入#temp EXEC ..或使用OPENROESET.推荐这个 http ://beyondrelational.com/modules/2/blogs/70/posts/10812/select-columns-from-exec-procedurename-is-this-possible.aspx
Create a temp table and do insert into #temp EXEC.. or use OPENROESET. Refer thishttp://beyondrelational.com/modules/2/blogs/70/posts/10812/select-columns-from-exec-procedurename-is-this-possible.aspx
这篇关于如何结合存储过程并选择查询结果?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!