tg-me.com/Safecraze/23
Last Update:
## 数据库信息检索技巧
部分摘自网络
sql server 全部库:
===================================================================
declare @i int,@id int,@dbname varchar(255),@sql varchar(255)
set @i = 6
set @id=(select count(*) from master..sysdatabases)
drop table #t
create table #t (
dbname varchar(255),
tablename varchar(255),
columnname varchar(255)
)
while (@i < @id)
begin
set @i = @i + 1;
set @dbname = (select name from master..sysdatabases where dbid= @i)
set @sql = 'use '+ @dbname+';insert [#t] select table_catalog,table_name,column_name from information_schema.columns where column_name like ''%pass%'' or column_name like ''%pwd%'' or column_name like ''%mail%'''
exec (@sql)
--print @sql
end
select * from #t
drop table #t
go
sql server单个库:
====================================================================
SELECT sysobjects.name as tablename, syscolumns.name as columnname FROM sysobjects JOIN syscolumns ON sysobjects.id = syscolumns.id WHERE sysobjects.xtype = 'U' AND (syscolumns.name LIKE '%pass%' or syscolumns.name LIKE '%pwd%' or syscolumns.name LIKE '%first%');
mysql全库:
===================================================================
select table_schema,table_name,column_name from information_schema.columns where table_schema !=0x696E666F726D6174696F6E5F736368656D61 and table_schema !=0x6D7973716C and table_schema !=0x706572666F726D616E63655F736368656D61 and (column_name like '%pass%' or column_name like '%pwd%');
sql server 全库搜关键字符
===================================================================
declare @str varchar(100)
set @str='test' --要搜索的字符串
declare @s varchar(8000)
declare tb cursor local for
select s='if exists(select 1 from ['+b.name+'] where ['+a.name+'] like ''%'+@str+'%'')
print ''所在的表及字段: ['+b.name+'].['+a.name+']'''
from syscolumns a join sysobjects b on a.id=b.id
where b.xtype='U' and a.status>=0
and a.xusertype in(175,239,231,167)
open tb
fetch next from tb into @s
while @@fetch_status=0
begin
exec(@s)
fetch next from tb into @s
end
close tb
deallocate tb
## 模糊搜索表名
SELECT sysobjects.name as tablename, sysobjects.xtype as xtype FROM sysobjects
where (sysobjects.xtype = 'U' or sysobjects.xtype = 'V') and sysobjects.name like '%Event%'
BY 信息安全狂热者
Warning: Undefined variable $i in /var/www/tg-me/post.php on line 280
Share with your friend now:
tg-me.com/Safecraze/23