功能是:以一個關鍵字為索引,搜索整個數據庫,然后返回那個關鍵字所在的表名和列名。(很贊...特別是入侵的時候找不到用戶名與密碼所在的表的時候,如果能直接通過輸入admin這個關鍵詞找出字段...省得一個表一個表的看了。)于是根據那段語句,寫了個asp的腳本,方便大家以后搜尋數據庫。 
		代碼如下: 	
		復制代碼代碼如下:
			
		<% 
		'Confirm a keyword's position of a database(which table & which column) 
		'By oldjun(http://www.oldjun.com) 
		'Based on huangzi(http://www.2chuizi.com)'s sql 
		Server.ScriptTimeout=999999999 
		Response.Buffer =true 
		On Error Resume Next 
		keyword=request("keyword") 
		if keyword="" then 
		response.write "Need keyword!" 
		response.End 
		End if 
		dim conn 
		Set conn = Server.CreateObject("ADODB.Connection") 
		Dim ConnStr 
		'ConnectionString,Pls change! 
		ConnStr="Driver={SQL SERVER};Server=localhost;UID=sa;PWD=sa;Database=master" 
		Conn.open ConnStr 
		conn.execute("CREATE TABLE huangzi_table(id int identity(1,1),biaoid int,biaoname nvarchar(1000))") 
		conn.execute("insert huangzi_table select [id],[name] from sysobjects where xtype='U'") 
		set rs =conn.execute("select count(id) as tnum from huangzi_table") 
		tnum=rs("tnum") 
		rs.close 
		set rs=nothing 
		for i=1 to tnum 
		set rsbiao =conn.execute("select biaoid from huangzi_table where id="&i&"") 
		biaoid=rsbiao("biaoid") 
		set rst =conn.execute("select [biaoname] from huangzi_table where biaoid="&biaoid&"") 
		tname=rst("biaoname") 
		set rsl=conn.execute("select count([name]) as lnum from syscolumns where id="&biaoid&"") 
		lnum=rsl("lnum") 
		for j=1 to lnum 
		topnum=j-1 
		set rslie=conn.execute("select top 1 [name] from syscolumns where id="&biaoid&" and [name] not in 
		(select top "&topnum&" [name] from syscolumns where id="&biaoid&")") 
		liename=rslie("name") 
		set rsresult=conn.execute("select top 1 ["&liename&"] from ["&tname&"] where CAST(["&liename&"] AS NVARCHAR(1000))='"&keyword&"'") 
		if rsresult.bof or rsresult.eof then 
		'response.write "Nothing-"&tname&":"&liename 
		'response.write "<br>" 
		else 
		result=rsresult(liename) 
		response.write result&"("&tname&":"&liename&")" 
		response.write "<br>" 
		End if 
		rslie.close 
		set rslie=nothing 
		rsresult.close 
		set rsresult=nothing 
		next 
		rsbiao.close 
		set rsbiao=nothing 
		rst.close 
		set rst=nothing 
		rsl.close 
		set rsl=nothing 
		next 
		conn.execute("DROP TABLE huangzi_table") 
		%> 
		注:效率很差,使用時可能出現假死, 請耐心等待,大庫還是別用了;代碼簡單,實現的簡單功能,沒技術含量,留著以后備用;換連接語句的時候有個緩存問題,建議重啟下瀏覽器!