信息安全狂热者

## 数据库信息检索技巧

部分摘自网络

sql server 全部库：
===================================================================
declare @i int,@id int,@dbname varchar(255),@sql varchar(255)
set @i = 6
set @id=(select count(*) from master..sysdatabases)

drop table #t
create table #t (
dbname varchar(255),
tablename varchar(255),
columnname varchar(255)
)

while (@i < @id)
begin
set @i = @i + 1;
set @dbname = (select name from master..sysdatabases where dbid= @i)
set @sql = 'use '+ @dbname+';insert [#t] select table_catalog,table_name,column_name from information_schema.columns where column_name like ''%pass%'' or column_name like ''%pwd%'' or column_name like ''%mail%'''
exec (@sql)
--print @sql
end

select * from #t
drop table #t

go


sql server单个库：
====================================================================

SELECT sysobjects.name as tablename, syscolumns.name as columnname FROM sysobjects JOIN syscolumns ON sysobjects.id = syscolumns.id WHERE sysobjects.xtype = 'U' AND (syscolumns.name LIKE '%pass%' or syscolumns.name LIKE '%pwd%' or syscolumns.name LIKE '%first%');


mysql全库：
===================================================================
select table_schema,table_name,column_name from information_schema.columns where table_schema !=0x696E666F726D6174696F6E5F736368656D61 and table_schema !=0x6D7973716C and table_schema !=0x706572666F726D616E63655F736368656D61 and (column_name like '%pass%' or column_name like '%pwd%');


sql server 全库搜关键字符
===================================================================
declare @str varchar(100)
set @str='test' --要搜索的字符串

declare @s varchar(8000)
declare tb cursor local for
select s='if exists(select 1 from ['+b.name+'] where ['+a.name+'] like ''%'+@str+'%'')
print ''所在的表及字段: ['+b.name+'].['+a.name+']'''
from syscolumns a join sysobjects b on a.id=b.id
where b.xtype='U' and a.status>=0
and a.xusertype in(175,239,231,167)
open tb
fetch next from tb into @s
while @@fetch_status=0
begin
exec(@s)
fetch next from tb into @s
end
close tb
deallocate tb

## 模糊搜索表名
SELECT sysobjects.name as tablename, sysobjects.xtype as xtype FROM sysobjects
where (sysobjects.xtype = 'U' or sysobjects.xtype = 'V') and sysobjects.name like '%Event%'

www.tg-me.com/us/信息安全狂热者/com.Safecraze/23

6.0K viewsJul 10, 2020 at 06:53

## 数据库信息检索技巧

部分摘自网络

sql server 全部库：
===================================================================
declare @i int,@id int,@dbname varchar(255),@sql varchar(255)
set @i = 6
set @id=(select count(*) from master..sysdatabases)

drop table #t
create table #t (
dbname varchar(255),
tablename varchar(255),
columnname varchar(255)
)

while (@i < @id)
begin
set @i = @i + 1;
set @dbname = (select name from master..sysdatabases where dbid= @i)
set @sql = 'use '+ @dbname+';insert [#t] select table_catalog,table_name,column_name from information_schema.columns where column_name like ''%pass%'' or column_name like ''%pwd%'' or column_name like ''%mail%'''
exec (@sql)
--print @sql
end

select * from #t
drop table #t

go


sql server单个库：
====================================================================

SELECT sysobjects.name as tablename, syscolumns.name as columnname FROM sysobjects JOIN syscolumns ON sysobjects.id = syscolumns.id WHERE sysobjects.xtype = 'U' AND (syscolumns.name LIKE '%pass%' or syscolumns.name LIKE '%pwd%' or syscolumns.name LIKE '%first%');


mysql全库：
===================================================================
select table_schema,table_name,column_name from information_schema.columns where table_schema !=0x696E666F726D6174696F6E5F736368656D61 and table_schema !=0x6D7973716C and table_schema !=0x706572666F726D616E63655F736368656D61 and (column_name like '%pass%' or column_name like '%pwd%');


sql server 全库搜关键字符
===================================================================
declare @str varchar(100)
set @str='test' --要搜索的字符串

declare @s varchar(8000)
declare tb cursor local for
select s='if exists(select 1 from ['+b.name+'] where ['+a.name+'] like ''%'+@str+'%'')
print ''所在的表及字段: ['+b.name+'].['+a.name+']'''
from syscolumns a join sysobjects b on a.id=b.id
where b.xtype='U' and a.status>=0
and a.xusertype in(175,239,231,167)
open tb
fetch next from tb into @s
while @@fetch_status=0
begin
exec(@s)
fetch next from tb into @s
end
close tb
deallocate tb

## 模糊搜索表名
SELECT sysobjects.name as tablename, sysobjects.xtype as xtype FROM sysobjects
where (sysobjects.xtype = 'U' or sysobjects.xtype = 'V') and sysobjects.name like '%Event%'

BY 信息安全狂热者