asp实现的查询某关键词在MSSQL数据库位置的代码
2018-09-06 11:07
功能是:以一个关键字为索引,搜索整个数据库,然后返回那个关键字所在的表名和列名。(很赞...特别是入侵的时候找不到用户名与密码所在的表的时候,如果能直接通过输入admin这个关键词找出字段...省得一个表一个表的看了。)于是根据那段语句,写了个asp的脚本,方便大家以后搜寻数据库。
代码如下:
复制代码 代码如下:
<%
Confirm a keywords position of a database(which table & which column)
By oldjun(
Based on huangzi(
Server.ScriptTimeout=999999999
Response.Buffer =true
On Error Resume Next
keyword=request(keyword)
if keyword= then
response.write Need keyword!
response.End
End if
dim conn
Dim ConnStr
ConnectionString,Pls change!
ConnStr=Driver={SQL SERVER};Server=localhost;UID=sa;PWD=sa;Database=master
Conn.open ConnStr
conn.execute(CREATE TABLE huangzi_table(id int identity(1,1),biaoid int,biaoname nvarchar(1000)))
conn.execute(insert huangzi_table select [id],[name] from sysobjects where xtype=U)
set rs =conn.execute(select count(id) as tnum from huangzi_table)
tnum=rs(tnum)
rs.close
set rs=nothing
for i=1 to tnum
set rsbiao =conn.execute(select biaoid from huangzi_table where id=&i&)
biaoid=rsbiao(biaoid)
set rst =conn.execute(select [biaoname] from huangzi_table where biaoid=&biaoid&)
tname=rst(biaoname)
set rsl=conn.execute(select count([name]) as lnum from syscolumns where id=&biaoid&)
lnum=rsl(lnum)
for j=1 to lnum
topnum=j-1
set rslie=conn.execute(select top 1 [name] from syscolumns where id=&biaoid& and [name] not in
(select top &topnum& [name] from syscolumns where id=&biaoid&))
liename=rslie(name)
set rsresult=conn.execute(select top 1 [&liename&] from [&tname&] where CAST([&liename&] AS NVARCHAR(1000))=&keyword&)
if rsresult.bof or rsresult.eof then
response.write Nothing-&tname&:&liename
response.write <br>
else
result=rsresult(liename)
response.write result&(&tname&:&liename&)
response.write <br>
End if
rslie.close
set rslie=nothing
rsresult.close
set rsresult=nothing
next
rsbiao.close
set rsbiao=nothing
rst.close
set rst=nothing
rsl.close
set rsl=nothing
next
conn.execute(DROP TABLE huangzi_table)
%>
注:效率很差,使用时可能出现假死, 请耐心等待,大库还是别用了;代码简单,实现的简单功能,没技术含量,留着以后备用;换连接语句的时候有个缓存问题,建议重启下浏览器!
下一篇:ASP抽取数据的执行效率