Question
I am trying to combine the results of xp_cmdshell with a select query.
I have tried union & read about creating a temp table, but as my result will be having only 1 column. To be more precise I need a smaller query to combine the results of xp_cmdshell with a select query, as I am trying to use it in union based sql injection.
For example:
Select name from employee
union
exec xp_cmdshell 'whoami'
I know this won't work but something similar would be great :)
Answer 1:
Create a temp table and do insert into #temp EXEC.. or use OPENROWSET. Refer to this: http://beyondrelational.com/modules/2/blogs/70/posts/10812/select-columns-from-exec-procedurename-is-this-possible.aspx
Answer 2:
You should know what this stored procedure returns and what outputs. Then when you know the table schema this procedure returns you may use the following syntax:
DECLARE @procedureOutput nvarchar(max)
SET @procedureOutput=Exec xp_cmdshell 'dir'
SELECT name FROM employee union @procedureOutput
If you need to convert two different data types, CAST and CONVERT commands are for you.
Source: https://stackoverflow.com/questions/11503067/how-to-combine-stored-procedure-and-select-query-result